last executing test programs: 5.662105186s ago: executing program 1 (id=882): mmap$auto(0x0, 0x88b, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) read$auto(0xffffffffffffffff, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) syz_genetlink_get_family_id$auto_nfc(&(0x7f00000000c0), r0) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001340), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f0000001400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf25040000000400"], 0x20}, 0x1, 0x0, 0x0, 0x24040000}, 0x18800) 5.371185363s ago: executing program 1 (id=886): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x89fc, &(0x7f0000000040)={'ip6tnl0\x00'}) write$auto(0xffffffffffffffff, 0x0, 0x4) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x1, 0x0) socket(0xa, 0x5, 0x0) io_uring_setup$auto(0x6, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f00000018c0)=@in={0x2, 0x300, @loopback}, 0x55) mincore$auto(0x0, 0x1, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) setsockopt$auto(0x3, 0x10000000084, 0x19, 0x0, 0x8) socket(0xa, 0x3, 0x9) capset$auto(0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xd4, 0x8000) io_uring_setup$auto(0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x181881, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sg0\x00', 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) connect$auto(0x3, 0x0, 0x54) poll$auto(0x0, 0x7, 0x54b) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) 5.072601831s ago: executing program 0 (id=889): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) unshare$auto(0x40000080) r0 = socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) r1 = socket(0x11, 0xa, 0x300) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000001a80), r3) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000001ac0)={'veth0_to_hsr\x00', 0x0}) sendmsg$auto_NETDEV_CMD_DEV_GET(r3, &(0x7f0000001b80)={0x0, 0x0, &(0x7f0000001b40)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002abd7000fedbdf250100000008000100", @ANYRES32=r5, @ANYBLOB="59e77a0b9e69894b614e6295d6f2412c6a3610fbbcaf10911b6a5e75682137d5001886a785d3c9ae71ac7ca2a154d73388d7f5638875fefbb1d7088cfc23947d0e4e5af80949223849000000000000"], 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x84) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'ipvlan0\x00'}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'veth0_macvtap\x00'}) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x48140, 0x0) nanosleep$auto(&(0x7f0000000180)={0x2, 0x44d4}, 0x0) socket$nl_generic(0x11, 0x3, 0x10) ioctl$auto(0x3, 0x541b, 0xfffffffffffff4e0) mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r6 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r6, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x0, 0x1, 0x4000000000df, 0xd8, 0xffffffffffffffff, 0x300000000000) ppoll$auto(0x0, 0x7f, 0x0, 0x0, 0x8) r7 = socket(0x22, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x80044944, 0x0) syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000040), r7) setsockopt$auto(0xffffffffffffffff, 0x10000000084, 0x9, 0x0, 0x9c) 3.923569s ago: executing program 1 (id=894): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/cifs/Stats\x00', 0x28102, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) mmap$auto(0x0, 0x2020005, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/ip6tnl0/statistics/rx_bytes\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f00000000c0)=""/82, 0x52) getrandom$auto(0x0, 0x6000000, 0x3) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) mbind$auto(0x3, 0x1000, 0x14, 0x0, 0xfffffffffffff806, 0x820006) madvise$auto(0x110c230000, 0x1, 0x9) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) madvise$auto(0x0, 0x100000, 0x17) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = openat$auto_msr_fops_msr(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cpu/0/msr\x00', 0x181f82, 0x0) mmap$auto(0x9, 0x20009, 0xe0, 0xeb1, r2, 0x4) write$auto(r0, 0x0, 0x8000000000000001) readv$auto(r3, &(0x7f00000000c0)={0x0, 0x101d0}, 0x400) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty46\x00', 0x0, 0x0) ioperm$auto(0x3b, 0xf99b, 0x6) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r4 = socket$nl_generic(0x10, 0x3, 0x10) clone$auto(0x2000000020003b46, 0x1ec2, 0x0, 0x0, 0x10) openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, 0x0, 0xafcf104edfff9ab1, 0x0) gettid() open(0x0, 0x80400, 0xb5d1af1605322db0) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r4, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000129bd7000fddbdf251f002001000000000000000000000000000206001b004e2100000500120002000000080011000300000006001a004e21000008000c000500000005000600f7000000050005000500000014002000fc0100000000000000000000000000000600010002000000"], 0x7c}, 0x1, 0x0, 0x0, 0x4045}, 0x4c000) close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x8) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) 3.85731309s ago: executing program 3 (id=895): madvise$auto(0x0, 0x6, 0x100e) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC0\x00', 0x10cc3, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x0, 0x200007, 0x19) syslog$auto(0x3, 0x0, 0x1013) shmctl$auto(0x0, 0x1, 0x0) socket(0x2, 0x8, 0x6) r2 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cec2\x00', 0x101000, 0x0) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r2, 0xc05c6104, &(0x7f00000000c0)={"58f99464", 0x8, 0x6, 0x1, 0x3, 0x5, "4bb69ec4b3f4c14539898e4c5682f5", "347f00", "a630df9d", "a0ed9959", ["cd9196b8fe1a8a7eb90401a9", "2f9c30017721de33c560b95a", "d3fe6c55a78d6932211c9b69", "ea334f1f1e5e27a1320d6edb"]}) r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000048c0)='/dev/dsp1\x00', 0x20000, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) ioctl$auto_SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f0000000180)="6da6b940dfe114cacac8b7cca871a393aaf922f69708e077a3ff54d760f973198c7f36202c9afdaf7bc2eb57e0") close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x4, 0x0) r4 = fsopen$auto(0x0, 0x1) syz_genetlink_get_family_id$auto_nl802154(0x0, r1) fsconfig$auto(r4, 0x8, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' \x00\''], 0x1ac}}, 0x40000) 3.465845872s ago: executing program 0 (id=897): r0 = socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) r1 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000000c0), r0) sendmsg$auto_CTRL_CMD_GETFAMILY2(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="0100294be7865dbd7000fcdbdf250300000006000100ef571e75b05089045e8c17ce975a25fe3b3647f46a80de4c05e7ae61995c6115a126ff521eb007fed56ee8e2ee30364a3d01c89cfc366376004a5de49687b889e848fcfe2c24554c1125e3b46ebd9650f45129d3c8af08084f7d86cc547b1381f8fd8fedafa5087f5c01fb2fe4967a4ecdbbf204a2508d00127be778fdf06e72837c14e35c68b7cd6e56c67bf8eb3dcf"], 0x1c}, 0x1, 0x0, 0x0, 0x480d0}, 0x40880) socket(0x2b, 0x1, 0x1) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyr0\x00', 0x60540, 0x0) r2 = socket(0x15, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_DEL(r2, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000280)={&(0x7f0000001b40)=ANY=[@ANYBLOB="cc020000", @ANYRES16=0x0, @ANYBLOB="02032dbd7000fbdbdf250200000004000800980001801400780000000000000000000000ffffac14143e7e008a80ab0c60b22b10ff926fba938c45f88d456432d19d740156bd0f207b123d08055ac2c2e175d1e993dedad8fa58804ada1e777438e5cf0f3493fd016eb756499b80417854ea4f96b7c912db0619954048f573575dfbebe23c61e3018bd4f79f1488bff5aa18d71e76b52d0caa6618a90476e05dcf4d49b448e9abdf00000400018008020180cf3c0263edfeefa2727940d8876ac7b3156d8a8075e5d066e9e26e875ee38e7f8ddf5433b353f94aec838a1ec3fcca6b58675a9a8825f1d4501890a2e78b06cf296874479fa2b25994a8a2962c7a96012fae076f31bc9bf62f4cc6e4a4bf4d2d193244d984ec12bef3baac1c9b2f988d2896ed60ddc67f03ed661e1d9d7195220523af6293279080bb7ba254b17555e168dce9b1e3bbe831a785d00e2a1d041c7089240529d0cfe9774827c41a9c67cc58ee6480e71f40f30f25fba2e8780e780800af00", @ANYRES32=0x0, @ANYBLOB="2401128014005000fc0100000000000000000000000000000400af800c00d40067000000000000001400300020010000000000000000000000000002040037805de2e6bc5ec1f9afacca55a3b03d5e69d12d0fbac85d4fcf730ac56a97278df1b624247d92a81a775f2279bfc9a897f7599315f05766e27fba14dd69f25efb09fa8de55f75022106c65f0aa7f8994fc6b14813cd7c844e59a2a98c9c970c80bf4cb162bd577d36e42168bcfc5a8be1cc2c7389fa9c8d8b390d0d58ca9fa92387b8d6e26f3bc6023b8653f8871a1b2ef406c04237d2cc7bd36252fed09e074799837c0aeee54cd2a074ec9f8b6a4d445e59bc1b7562f4ab6bd9dc889cf148e41c1b040dce096618eb44996237632f85758902009a9d23e80dfed3affe18fac55ab01b79cf04001e001400b300fc01000000000000000000000000000108000a000700000008000a0009000000"], 0x2cc}, 0x1, 0x0, 0x0, 0x40c0}, 0x20040001) socket(0x2b, 0x2, 0x73) pipe2$auto(0x0, 0x0) io_uring_setup$auto(0x7e1b, 0x0) socket(0xa, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptyde\x00', 0xa0102, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x0, 0x0) openat$auto_nsim_psample_enable_fops_psample(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim0/psample/enable\x00', 0x2, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) r3 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000140)='/dev/video65\x00', 0x80000, 0x0) ioctl$auto(r3, 0xc058560f, r3) 2.777182558s ago: executing program 0 (id=899): openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snd/controlC1\x00', 0x200600, 0x0) r0 = open(&(0x7f0000000100)='.\x00', 0x591002, 0x408) move_mount$auto(r0, 0x0, r0, 0x0, 0x176) syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000001c0), 0xffffffffffffffff) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/mm/ksm/merge_across_nodes\x00', 0x80202, 0x0) waitid$auto_P_ALL(0x0, 0xffffffff, &(0x7f0000000900)={@siginfo_0_0={0x19, 0x0, 0xfffffffc, @_sigfault={&(0x7f0000000880)="43c78afbccd3bf17ad1806cfa573715bba0cf8925bcf001f1b1ea0765de761219cd438a910b6f69b58d687b6d94c16578c0e24d3e9b8c4f827406bf2665cb5ace18306ec6dbac5e9a167f45781766abf8da49c997d9b5ccfbe11e96375526c1d1f76595252e743a4255a19f07a98e817503b4505b6dca7", @_addr_lsb=0x6}}}, 0x3, &(0x7f0000000980)={{0x5, 0x40000000}, {0x5, 0x2}, 0x80000001, 0xa, 0x2, 0x8, 0x2, 0x7f, 0x7ff, 0x1, 0x6, 0x7, 0x0, 0x3, 0x9, 0x220000000000000}) write$auto_tomoyo_self_operations_securityfs_if(r1, &(0x7f0000000080)="60da23", 0x3) shmctl$auto_IPC_INFO(0x4, 0x3, &(0x7f0000000340)={{0x0, 0xffffffffffffffff, 0xee01, 0x5, 0x0, 0x40000000, 0x100}, 0xa8, 0xe78, 0x7, 0x8001, @inferred, @raw=0x2, 0x7, 0x0, &(0x7f0000000200)="913eb62515dd341be378813d8e372ed6a267fdc902c54efa660bf4658a1dd02ffedfc7b49623e412bd68efc9f121be8bb5af284d250669f8b6ea85bbf086022b8b8560a35a59c724f0e7203b56cbcbcf9441818ff2ac50381914141d302fa0f38d3baa5b80a6dd3bb767717c1fc0a02f288a706a7da7dd507e3fcadedaaf68bbdbf1f19055c7f8e85d", &(0x7f00000002c0)="c9cb772c2a4b54a6a5bc59adeafbced7227813fe50c12f798e3f51c47559d0e11724465578cec0b2ab153ea7088671520ef95d5f67dce85da44860e9fa5d927ec5d50e251307790dc98eff34d10a6569f94ee39b5cd70628e8355aa981628e0c7b51dedd38ccbf365cb27d0c9d4de1a8e8e2"}) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_TDR_ACT(r0, &(0x7f0000000800)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000007c0)={0x0, 0x1f0}, 0x1, 0x0, 0x0, 0x40000}, 0x4040080) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = gettid() kill$auto(r3, 0x11) sendmsg$auto_OVS_CT_LIMIT_CMD_GET(r2, &(0x7f0000001200)={&(0x7f0000000ac0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000011c0)={&(0x7f0000001480)=ANY=[], 0x66c}, 0x1, 0x0, 0x0, 0x20004000}, 0xc852) setreuid$auto(0x3, 0x7) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8947, &(0x7f0000000f00)={'pim6reg0\x00'}) openat$auto_vga_arb_device_fops_vgaarb(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r4 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="200000ff", @ANYBLOB='2\x00'], 0x1ac}, 0x1, 0x0, 0x0, 0x20040010}, 0x0) 2.774449213s ago: executing program 3 (id=900): syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) (async) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) openat$auto_fops_u64_(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/netdevsim/netdevsim2/psample/out_tc_occ_max\x00', 0x3c9981, 0x0) r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/maps\x00', 0x40000, 0x0) ioctl$auto(r0, 0x40104d09, 0x5) (async) ioctl$auto(r0, 0x40104d09, 0x5) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000001040)='/proc/asound/card0/pcm0c/sub6/info\x00', 0x28102, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) (async) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x40000, 0x0) (async) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x40000, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D1\x00', 0x1, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) r2 = socket(0x10, 0x2, 0x4) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) (async) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) socket(0x2, 0x3, 0x4) r3 = socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) newfstatat$auto(r3, 0x0, 0x0, 0xfffffffe) (async) newfstatat$auto(r3, 0x0, 0x0, 0xfffffffe) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x8) socket(0x1d, 0x2, 0x7) connect$auto(r2, &(0x7f00000001c0)=@sco={0x1f, @none}, 0x51) socket(0x11, 0x80003, 0x300) (async) r4 = socket(0x11, 0x80003, 0x300) name_to_handle_at$auto(0xffffffffffffffff, &(0x7f00000000c0)='/\x00R\xa6\x00\xc8\xda\xdc\xb1\xb4#\xe4\xeb\xe1e/\x1b/\xb9L\xc6P\x82\xba\x90@\xb8\xb5\xb1\xe8\"\x88s\xdf\x15\xaa\x18\xa9\x86\xc7\x87g>8\xae\x99\xd4~\xc6\xa7\\\xcc\xfeV\x83\f\xdc\xdc~\x8e\xd5\x18\x13\x16\xc5\x93E\x10\xcb\x1c\x02\x00\xd2\xa4_\xa3\xdcS\xe2\xe2\xc6\x85p\xfa\xc3/G\x86\xea\x9f\xb0\x9a\xcc6\x1a\x06\x91\x9f\xcfC\xedU\x00f`\x02\x04\xef\xfe\x10\xec\x17\x83%K\x04\xd5s\x86\xe4\x9d\x15\f\x8c\xd9wj\xe5t\x82o7\xc05ul\xacU\xbf\xc0\xfe\xb4\xd7\t\xe0s]\xcd\xac\x87\xa5\xa6.t\xa9\xe8\xa6>\xf2\xd0\xb1\x83\x83\x91\a\xdc\xe9\xaa\x1dx\x06\xa77\xd6\xe1\xe9\x94\xb9Xi\xbbv_\x9a_bv%\xcb\xc7\xdd\xa3\xb4\tpr%\xdf\xc9\x06\xa2\xe7\xe1\xde\x16\xf7\x03x\xf8\v\v\x1a\xfcm\x87r\xc1\b\xca\x97\xb0\xeb\xd6F\x8f^\x94\xdf\x9ax\xf4\x03e[l\xa5', &(0x7f0000000200)={0x0, 0x6}, 0x0, 0x1001) setsockopt$auto(r4, 0x107, 0x12, 0x0, 0x4) (async) setsockopt$auto(r4, 0x107, 0x12, 0x0, 0x4) write$auto(0x3, 0x0, 0xffeb) close_range$auto(0x2, 0x8, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) r5 = socket(0x10, 0x2, 0xc) sendmsg$auto_TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000003780)={0x0, 0x0, &(0x7f0000003740)={&(0x7f0000000000)=ANY=[@ANYBLOB="b1000000", @ANYRES16, @ANYBLOB="01002dbd7000fddbdf25030000000c00"], 0x20}, 0x1, 0x0, 0x0, 0x41}, 0x40080) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r5, @ANYRES8=r1], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x4080) write$auto(r2, &(0x7f0000000000)='-\x00', 0xfdef) 2.539603129s ago: executing program 2 (id=901): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'xfrm0\x00'}) sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="0c0000001400c7"], 0x2c}, 0x1, 0x0, 0x0, 0x4000004}, 0x4830) r1 = socket(0x10, 0x2, 0x4) write$auto(r1, &(0x7f0000000000)='\x16\x00', 0x2fb) 2.533465386s ago: executing program 1 (id=902): madvise$auto(0x0, 0x6, 0x100e) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC0\x00', 0x10cc3, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x0, 0x200007, 0x19) poll$auto(0x0, 0x7f, 0x9) shmctl$auto(0x0, 0x1, 0x0) socket(0x2, 0x8, 0x6) r2 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cec2\x00', 0x101000, 0x0) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r2, 0xc05c6104, &(0x7f00000000c0)={"58f99464", 0x8, 0x6, 0x1, 0x3, 0x5, "4bb69ec4b3f4c14539898e4c5682f5", "347f00", "a630df9d", "a0ed9959", ["cd9196b8fe1a8a7eb90401a9", "2f9c30017721de33c560b95a", "d3fe6c55a78d6932211c9b69", "ea334f1f1e5e27a1320d6edb"]}) r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000048c0)='/dev/dsp1\x00', 0x20000, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) ioctl$auto_SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f0000000180)) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x4, 0x0) r4 = fsopen$auto(0x0, 0x1) syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000001c0), r1) fsconfig$auto(r4, 0x8, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' \x00\''], 0x1ac}}, 0x40000) 2.518049876s ago: executing program 0 (id=903): r0 = socket(0x1d, 0x1, 0x7fff) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) sysfs$auto(0x2, 0x0, 0x0) r1 = epoll_create$auto(0x4) r2 = socket$nl_generic(0x10, 0x3, 0x10) epoll_ctl$auto(r1, 0x1, r2, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, 0x0, 0x8000) openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, 0x0, 0x1, 0x0) write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) writev$auto(r4, &(0x7f0000000080)={&(0x7f0000000040), 0x1000}, 0x3) r5 = socket(0x18, 0x5, 0x1) connect$auto(r5, 0x0, 0x3a) syz_genetlink_get_family_id$auto_smbd_genl(&(0x7f0000000240), r0) sendmsg$auto_KSMBD_EVENT_LOGIN_RESPONSE(r5, 0x0, 0x30004850) r6 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x101120, 0x0) ioctl$auto_TUNSETSNDBUF(r6, 0x400454d4, &(0x7f0000000040)=0x1) poll$auto(&(0x7f00000001c0)={r6, 0xfffd, 0x1000}, 0x7, 0x4) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) close_range$auto(0x2, 0x8, 0x0) 2.47172548s ago: executing program 2 (id=904): madvise$auto(0x0, 0x6, 0x100e) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC0\x00', 0x10cc3, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x0, 0x200007, 0x19) syslog$auto(0x3, 0x0, 0x1013) poll$auto(0x0, 0x7f, 0x9) shmctl$auto(0x0, 0x1, 0x0) socket(0x2, 0x8, 0x6) r2 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cec2\x00', 0x101000, 0x0) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r2, 0xc05c6104, &(0x7f00000000c0)={"58f99464", 0x8, 0x6, 0x1, 0x3, 0x5, "4bb69ec4b3f4c14539898e4c5682f5", "347f00", "a630df9d", "a0ed9959", ["cd9196b8fe1a8a7eb90401a9", "2f9c30017721de33c560b95a", "d3fe6c55a78d6932211c9b69", "ea334f1f1e5e27a1320d6edb"]}) r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000048c0)='/dev/dsp1\x00', 0x20000, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) ioctl$auto_SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f0000000180)="6da6b940dfe114cacac8b7cca871a393aaf922f69708e077a3ff54d760f973198c7f36202c9afdaf7bc2eb57e0") close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x4, 0x0) r4 = fsopen$auto(0x0, 0x1) syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000001c0), r1) fsconfig$auto(r4, 0x8, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x8002, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x9}, 0x3, 0x0) 2.348025497s ago: executing program 3 (id=905): r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/default/forwarding\x00', 0x141241, 0x0) pwrite64$auto(r0, 0x0, 0x6bc, 0x5) r1 = socket$nl_generic(0x10, 0x3, 0x10) sysfs$auto(0x1003, 0x401, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000000), r1) unshare$auto(0x40000080) socket(0x1, 0x5, 0x100) mmap$auto(0x0, 0xdf33, 0xe2, 0xeb1, 0x405, 0x8000) mmap$auto(0x0, 0x400008, 0x5f, 0x810, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x4020009, 0x6, 0x4000eb1, 0x401, 0x1) r2 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_OWNER(r2, 0xaf01, 0x5) ioctl$auto(r2, 0x4008af04, 0x0) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x1ff, 0xdf, 0x200000810, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS0\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r3, 0x5423, 0x0) 1.5177086s ago: executing program 2 (id=906): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8040, 0x0) io_uring_setup$auto(0xc, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r0, 0x403c6f2b, 0x0) fanotify_init$auto(0x5, 0x2000000000002) open(&(0x7f0000000000)='.\x00', 0xc00, 0x409) r1 = open(&(0x7f0000000100)='.\x00', 0x40000, 0x104) openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/netdevsim/netdevsim2/hwstats/l3/enable_ifindex\x00', 0x81242, 0x0) mmap$auto(0x0, 0x8, 0x1000e2, 0xeb1, 0x405, 0x100008000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) io_getevents$auto(0x1, 0x401, 0xfffffffffffffffe, 0x0, 0x0) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/hsr0/ndisc_tclass\x00', 0x2000, 0x0) read$auto(r2, 0x0, 0x1ff) write$auto(0x3, 0x0, 0x100082) getsockopt$auto_SO_PEERSEC(r1, 0x1, 0x1f, &(0x7f0000000140)='/sys/kernel/debug/netdevsim/netdevsim2/hwstats/l3/enable_ifindex\x00', &(0x7f0000000040)=0x6) 1.422418646s ago: executing program 0 (id=907): r0 = socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) r1 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000000c0), r0) sendmsg$auto_CTRL_CMD_GETFAMILY2(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="0100294be7865dbd7000fcdbdf250300000006000100ef571e75b05089045e8c17ce975a25fe3b3647f46a80de4c05e7ae61995c6115a126ff521eb007fed56ee8e2ee30364a3d01c89cfc366376004a5de49687b889e848fcfe2c24554c1125e3b46ebd9650f45129d3c8af08084f7d86cc547b1381f8fd8fedafa5087f5c01fb2fe4967a4ecdbbf204a2508d00127be778fdf06e72837c14e35c68b7cd6e56c67bf8eb3dcf"], 0x1c}, 0x1, 0x0, 0x0, 0x480d0}, 0x40880) socket(0x2b, 0x1, 0x1) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyr0\x00', 0x60540, 0x0) r2 = socket(0x15, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_DEL(r2, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000280)={&(0x7f0000001b40)=ANY=[@ANYBLOB="cc020000", @ANYRES16=0x0, @ANYBLOB="02032dbd7000fbdbdf250200000004000800980001801400780000000000000000000000ffffac14143e7e008a80ab0c60b22b10ff926fba938c45f88d456432d19d740156bd0f207b123d08055ac2c2e175d1e993dedad8fa58804ada1e777438e5cf0f3493fd016eb756499b80417854ea4f96b7c912db0619954048f573575dfbebe23c61e3018bd4f79f1488bff5aa18d71e76b52d0caa6618a90476e05dcf4d49b448e9abdf00000400018008020180cf3c0263edfeefa2727940d8876ac7b3156d8a8075e5d066e9e26e875ee38e7f8ddf5433b353f94aec838a1ec3fcca6b58675a9a8825f1d4501890a2e78b06cf296874479fa2b25994a8a2962c7a96012fae076f31bc9bf62f4cc6e4a4bf4d2d193244d984ec12bef3baac1c9b2f988d2896ed60ddc67f03ed661e1d9d7195220523af6293279080bb7ba254b17555e168dce9b1e3bbe831a785d00e2a1d041c7089240529d0cfe9774827c41a9c67cc58ee6480e71f40f30f25fba2e8780e780800af00", @ANYRES32=0x0, @ANYBLOB="2401128014005000fc0100000000000000000000000000000400af800c00d40067000000000000001400300020010000000000000000000000000002040037805de2e6bc5ec1f9afacca55a3b03d5e69d12d0fbac85d4fcf730ac56a97278df1b624247d92a81a775f2279bfc9a897f7599315f05766e27fba14dd69f25efb09fa8de55f75022106c65f0aa7f8994fc6b14813cd7c844e59a2a98c9c970c80bf4cb162bd577d36e42168bcfc5a8be1cc2c7389fa9c8d8b390d0d58ca9fa92387b8d6e26f3bc6023b8653f8871a1b2ef406c04237d2cc7bd36252fed09e074799837c0aeee54cd2a074ec9f8b6a4d445e59bc1b7562f4ab6bd9dc889cf148e41c1b040dce096618eb44996237632f85758902009a9d23e80dfed3affe18fac55ab01b79cf04001e001400b300fc01000000000000000000000000000108000a000700000008000a0009000000"], 0x2cc}, 0x1, 0x0, 0x0, 0x40c0}, 0x20040001) socket(0x2b, 0x2, 0x73) pipe2$auto(0x0, 0x0) io_uring_setup$auto(0x7e1b, 0x0) socket(0xa, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptyde\x00', 0xa0102, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x0, 0x0) openat$auto_nsim_psample_enable_fops_psample(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim0/psample/enable\x00', 0x2, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) r3 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000140)='/dev/video65\x00', 0x80000, 0x0) ioctl$auto(r3, 0xc058560f, r3) 1.385048531s ago: executing program 2 (id=908): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'xfrm0\x00'}) sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="0c0000001400c7"], 0x2c}, 0x1, 0x0, 0x0, 0x4000004}, 0x4830) r1 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f00000001c0), 0x101000, 0x0) ioctl$auto_VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000000280)=0x6) r2 = socket(0x10, 0x5, 0x4) mkdir$auto(&(0x7f0000000000)='}[,&*}\x00', 0xc001) mount$auto(0x0, &(0x7f0000000100)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0x10001, 0x0) mount$auto(0x0, &(0x7f0000000100)='}[,&*}\x00', 0x0, 0x44020, 0x0) sendfile$auto(r0, r0, &(0x7f0000000040), 0x8) socket(0xa, 0x5, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) mincore$auto(0x1000, 0x8001, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x2, 0x0, 0x8) write$auto(r2, &(0x7f0000000000)='\x16\x00', 0x2fb) 1.323508381s ago: executing program 3 (id=909): madvise$auto(0x0, 0x6, 0x100e) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC0\x00', 0x10cc3, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x0, 0x200007, 0x19) syslog$auto(0x3, 0x0, 0x1013) shmctl$auto(0x0, 0x1, 0x0) socket(0x2, 0x8, 0x6) r2 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cec2\x00', 0x101000, 0x0) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r2, 0xc05c6104, &(0x7f00000000c0)={"58f99464", 0x8, 0x6, 0x1, 0x3, 0x5, "4bb69ec4b3f4c14539898e4c5682f5", "347f00", "a630df9d", "a0ed9959", ["cd9196b8fe1a8a7eb90401a9", "2f9c30017721de33c560b95a", "d3fe6c55a78d6932211c9b69", "ea334f1f1e5e27a1320d6edb"]}) r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000048c0)='/dev/dsp1\x00', 0x20000, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) ioctl$auto_SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f0000000180)="6da6b940dfe114cacac8b7cca871a393aaf922f69708e077a3ff54d760f973198c7f36202c9afdaf7bc2eb57e0") close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x4, 0x0) r4 = fsopen$auto(0x0, 0x1) syz_genetlink_get_family_id$auto_nl802154(0x0, r1) fsconfig$auto(r4, 0x8, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' \x00\''], 0x1ac}}, 0x40000) 1.163858556s ago: executing program 2 (id=910): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'xfrm0\x00'}) sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="0c0000001400c7"], 0x2c}, 0x1, 0x0, 0x0, 0x4000004}, 0x4830) r1 = socket(0x10, 0x2, 0x4) write$auto(r1, &(0x7f0000000000)='\x16\x00', 0x2fb) (fail_nth: 3) 568.056077ms ago: executing program 2 (id=911): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/cifs/Stats\x00', 0x28102, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) mmap$auto(0x0, 0x2020005, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/ip6tnl0/statistics/rx_bytes\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f00000000c0)=""/82, 0x52) getrandom$auto(0x0, 0x6000000, 0x3) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) mbind$auto(0x3, 0x1000, 0x14, 0x0, 0xfffffffffffff806, 0x820006) madvise$auto(0x110c230000, 0x1, 0x9) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) madvise$auto(0x0, 0x100000, 0x17) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = openat$auto_msr_fops_msr(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cpu/0/msr\x00', 0x181f82, 0x0) mmap$auto(0x9, 0x20009, 0xe0, 0xeb1, r2, 0x4) write$auto(r0, 0x0, 0x8000000000000001) readv$auto(r3, &(0x7f00000000c0)={0x0, 0x101d0}, 0x400) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty46\x00', 0x0, 0x0) ioperm$auto(0x3b, 0xf99b, 0x6) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r4 = socket$nl_generic(0x10, 0x3, 0x10) clone$auto(0x2000000020003b46, 0x1ec2, 0x0, 0x0, 0x10) openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, 0x0, 0xafcf104edfff9ab1, 0x0) gettid() open(0x0, 0x80400, 0xb5d1af1605322db0) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r4, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000129bd7000fddbdf251f002001000000000000000000000000000206001b004e2100000500120002000000080011000300000006001a004e21000008000c000500000005000600f7000000050005000500000014002000fc0100000000000000000000000000000600010002000000"], 0x7c}, 0x1, 0x0, 0x0, 0x4045}, 0x4c000) close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x8) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) 567.302475ms ago: executing program 1 (id=919): write$auto(0xffffffffffffffff, &(0x7f00000005c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D_#\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc^:\xd1\xe3\xf1@\xc0\x93^:Mn#Oi\xaa[X\x93)\x8f\x03K\xe6\xa4\x11?\xf1\x02+\\\xf9\x8b\xe5l5\x11\x006c\x907E\xeb\x81\fB\xe3\xf8n\x8f\x94V\xbcB\x9cm\x9f\x15\x00Q\xf8\x8fFW#?\xd5Z~\xa51\x832\xbd|\x19\xda\x8e\xff\x17\r\x96\xa3\xcc+\xf4a\xffN\xd2_\xe5\\\xf8Lzc\xd4\xa0\x1f\x04_\xf1\xc6\fO\xbe?)Q\xc7\\B\xdb\xeaI\xde\xe9m\xf5\xf9\x19\xd3@IK\xe3c\x0ek\x8drZ\xad\xdc\xbb\xfc\xd4\x1f\xdaOW\x87\xb6Fm\x12\xadw(z\\j\xcc0P\xaeC\x9f\xbf\xd5\xf9\xe3\x85~cG\f\x85\xd6\x84ma\xfd\xdayNj\x80\xdd3^\x87,\x14\x8e\xbe$\x05\x8a\xb0 M\xf6$B TCs\xa9\x91dil[\xfc\a\xbfD\xd9\x8d(F\x1e\f\xec\xe9K|h\xf5\xcaUI\x18#\xbed\xa8C\x8a\xbb\fE\xe6\xa3|\xf7\xa8\xbb\xd3\x97l.V/uc\xb5Q\x1eY\xe0\x03\xa1\xc1\xc8\xe2=RK\x7fWV;\xe4\xccTsf\xa7[\xdd\x9cR\xab\xf81s\xbc\x9c\xaaSGH\x9al\xb9%u\v\xb4\x9d\x95\x16\x01\xbbT\x99S\xf8A\xcd\bRC\xf4\xb0\x1a%\xdd+1\x81\x9d6\x90\xe8\xc6\xc1\x1e\xf0~\xaf\x10g&\xd6\x01l::V\xdbJiVW\xab4G\x97\x9cl', 0x100000a3d9) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x101000, 0x0) pread64$auto(r0, 0x0, 0x8, 0xffff) close_range$auto(0x2, 0x8, 0x0) connect$auto(0x3, 0x0, 0x55) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) write$auto(r1, 0x0, 0x4) symlink$auto(0x0, &(0x7f0000001540)='./file0\x00') msync$auto(0xb3, 0x1, 0x8d2) r2 = openat2$auto(r0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)={0xe8, 0x5, 0x2}, 0xf) open_tree$auto(r2, &(0x7f0000000000)='./file0\x00', 0x101) prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x7, 0x3) open$dir(&(0x7f0000000040)='./file0\x00', 0x84000, 0x45) r3 = openat$auto_bch_chardev_fops_chardev(0xffffffffffffff9c, &(0x7f0000000100), 0x80, 0x0) ioctl$auto_BCH_IOCTL_FSCK_OFFLINE(r3, 0x4018bc13, &(0x7f0000000140)={0x0, 0x80000e4b8}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r4 = socket(0x15, 0x5, 0x0) getsockopt$auto(r4, 0x114, 0x271e, 0xfffffffffffffffc, 0x0) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0x8000000000000010, 0x401, 0x8000) close_range$auto(0xffffffffffffffff, 0xfffffffffffff000, 0x2000008) io_uring_setup$auto(0x6, 0x0) setsockopt$auto(r3, 0x4, 0x8b1e, &(0x7f0000000180)='\x00', 0x3) 329.707286ms ago: executing program 0 (id=912): socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000080), r0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000dc0)={&(0x7f0000000140)={0x80, r1, 0x1, 0x70bd2a, 0x25dfdbfb, {}, [@HWSIM_ATTR_RADIO_NAME={0x33, 0x11, '/Py\xf9*\x9b\"\x1c\xa4l-\x19\xfd\xa4\xf4y\x02\xc2\x96\xfa\x84L\x12\xcd\x83\xf7\x125\x87;\xe5\x04\a\xf0\x9a\xf0)sm\xb4\xa5\xd3\xb7s\xba\aN'}, @HWSIM_ATTR_FLAGS={0x8, 0x4, 0x10000}, @HWSIM_ATTR_PMSR_SUPPORT={0x30, 0x1a, 0x0, 0x1, [@NL80211_PMSR_ATTR_MAX_PEERS={0x8, 0x1, 0x387}, @NL80211_PMSR_ATTR_TYPE_CAPA={0x4}, @NL80211_PMSR_ATTR_REPORT_AP_TSF={0x4}, @NL80211_PMSR_ATTR_TYPE_CAPA={0x1c, 0x4, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x18, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_CAPA_ATTR_BANDWIDTHS={0x8}, @NL80211_PMSR_FTM_CAPA_ATTR_REQ_CIVICLOC={0x4}, @NL80211_PMSR_FTM_CAPA_ATTR_BANDWIDTHS={0x8, 0x6, 0x1}]}]}]}]}, 0x80}, 0x1, 0x0, 0x0, 0x4008040}, 0x4000800) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) r2 = io_uring_setup$auto(0x1d48, &(0x7f0000000340)={0x7fffffff, 0x10, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x8, 0x1, 0x80000000, 0x100, 0x83, 0x101, 0x6, 0x8000000000000001}, {0x100, 0x1, 0x52, 0x5, 0x11, 0x101, 0x876c5, 0xc9, 0x3}}) io_uring_register$auto(r2, 0x15, 0x0, 0x9) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r3 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/maps\x00', 0x48080, 0x0) ioctl$auto_PROCMAP_QUERY(r3, 0xc0686611, &(0x7f0000000040)={0x61, 0x9, 0xbad, 0x10, 0x0, 0x7, 0x5, 0xed, 0xffffffff, 0x6, 0x49, 0x200, 0xffffffff, 0x240000000, 0x9}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r4 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer\x00', 0x1c8340, 0x0) ioctl$auto(r4, 0x5100, 0xffffffffffffffff) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) mmap$auto(0x0, 0x61, 0x100001000000004, 0xfa31, r3, 0x8000) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) r6 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv6/neigh/veth1_to_batadv/unres_qlen_bytes\x00', 0x101202, 0x0) sendfile$auto(r5, r6, 0x0, 0x1) r7 = socket(0x2, 0x801, 0x106) getsockopt$auto(r7, 0x11c, 0x1, 0x0, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) r8 = openat$auto_hwflags_ops_debugfs(0xffffffffffffff9c, 0x0, 0x101000, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0x1, 0xb5, 0x10, 0x7, 0x4, 0xffffffffffffffff, 0xa, "2af051a940806ec05be276cfc83ce63f", 0x0, r8, 0x5, 0x7, 0xe5, 0x3}, 0x10) bpf$auto(0x1a, &(0x7f0000000380)=@link_create={@map_fd, @target_ifindex=r9, 0x3, 0x81, @uprobe_multi={0x81, 0x1ff, 0x3d7e, 0x0, 0x1, 0x4}}, 0x92) 329.008757ms ago: executing program 1 (id=913): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000800) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000680)='/dev/snd/midiC2D0\x00', 0x200802, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc3\xdd\xa7\xee$\xf5\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xe6\x06g\x1a\xfc\xa8\x02\vw\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r2 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000200), 0x49643, 0x0) r3 = openat$auto_fops_u16_(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/netdevsim/netdevsim4/psample/out_tc\x00', 0x4300, 0x0) socket(0x11, 0x80003, 0x300) setsockopt$auto(r0, 0x6, 0xfffffffa, 0x0, 0x85) shutdown$auto(r3, 0x6) ioctl$auto__ctl_fops_dm_ioctl(r2, 0xfffffffffffffd03, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@ethernet={0x1, @remote}, 0x8) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x8800) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ram3\x00', 0x8001, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socket(0x10, 0x2, 0x0) open(0x0, 0x261c2, 0x84) socket$nl_generic(0x10, 0x3, 0x10) socket(0x11, 0x3, 0x9) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_CGROUPSTATS_CMD_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="13000000", @ANYRES16=0x0, @ANYBLOB="250025bd7000fedbdf250400000008000100", @ANYRES32, @ANYBLOB="a80408c6345863267fd0cd7759e36c28fbedc6839187ba52b7410bd94d666429ecf8f752c97e884334879d1ec5abfff1c5bd7800"/66], 0x1c}, 0x1, 0x0, 0x0, 0x400c9d0}, 0x4080) r4 = socket(0x10, 0x2, 0x14) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000002fc0)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000000a14"], 0x14}, 0x1, 0x0, 0x0, 0x80c3}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='r'], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x200440c0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4c084}, 0x51) 167.950601ms ago: executing program 3 (id=914): mmap$auto(0x0, 0x88b, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000500)='/sys/devices/virtual/block/ram12/queue/read_ahead_kb\x00', 0x80000, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) syz_genetlink_get_family_id$auto_nfc(&(0x7f00000000c0), 0xffffffffffffffff) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f0000001400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16, @ANYBLOB="01002bbd7000fcdbdf25040000000400"], 0x20}, 0x1, 0x0, 0x0, 0x24040000}, 0x18800) 0s ago: executing program 3 (id=915): r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/default/forwarding\x00', 0x141241, 0x0) pwrite64$auto(r0, 0x0, 0x6bc, 0x5) r1 = socket$nl_generic(0x10, 0x3, 0x10) sysfs$auto(0x1003, 0x401, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000000), r1) unshare$auto(0x40000080) socket(0x1, 0x5, 0x100) mmap$auto(0x0, 0xdf33, 0xe2, 0xeb1, 0x405, 0x8000) mmap$auto(0x0, 0x400008, 0x5f, 0x810, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x4020009, 0x6, 0x4000eb1, 0x401, 0x1) r2 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_OWNER(r2, 0xaf01, 0x5) ioctl$auto(r2, 0x4008af04, 0x0) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x1ff, 0xdf, 0x200000810, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS0\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r3, 0x5423, 0x0) kernel console output (not intermixed with test programs): 8385] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 231.341436][ T8385] do_dentry_open+0x982/0x1530 [ 231.341474][ T8385] ? __pfx_chrdev_open+0x10/0x10 [ 231.341518][ T8385] vfs_open+0x82/0x3f0 [ 231.341551][ T8385] path_openat+0x1de4/0x2cb0 [ 231.341598][ T8385] ? __pfx_path_openat+0x10/0x10 [ 231.341635][ T8385] ? __lock_acquire+0xb8a/0x1c90 [ 231.341666][ T8385] do_filp_open+0x20b/0x470 [ 231.341701][ T8385] ? __pfx_do_filp_open+0x10/0x10 [ 231.341763][ T8385] ? alloc_fd+0x471/0x7d0 [ 231.341807][ T8385] do_sys_openat2+0x11b/0x1d0 [ 231.341834][ T8385] ? __pfx_do_sys_openat2+0x10/0x10 [ 231.341877][ T8385] __x64_sys_openat+0x174/0x210 [ 231.341906][ T8385] ? __pfx___x64_sys_openat+0x10/0x10 [ 231.341933][ T8385] ? ksys_write+0x1ac/0x250 [ 231.341980][ T8385] do_syscall_64+0xcd/0xfa0 [ 231.342019][ T8385] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 231.342046][ T8385] RIP: 0033:0x7fd28a38eec9 [ 231.342073][ T8385] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 231.342100][ T8385] RSP: 002b:00007fd2885f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 231.342124][ T8385] RAX: ffffffffffffffda RBX: 00007fd28a5e5fa0 RCX: 00007fd28a38eec9 [ 231.342141][ T8385] RDX: 0000000000180b01 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 231.342159][ T8385] RBP: 00007fd28a411f91 R08: 0000000000000000 R09: 0000000000000000 [ 231.342175][ T8385] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 231.342190][ T8385] R13: 00007fd28a5e6038 R14: 00007fd28a5e5fa0 R15: 00007ffc069f2878 [ 231.342227][ T8385] [ 232.220325][ T8399] ecryptfs_parse_packet_length: Error parsing packet length [ 232.242393][ T8399] ecryptfs_miscdev_write: Error parsing packet length; rc = [-22] [ 234.844012][ T8450] FAULT_INJECTION: forcing a failure. [ 234.844012][ T8450] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 234.895332][ T8450] CPU: 1 UID: 0 PID: 8450 Comm: syz.0.520 Not tainted syzkaller #0 PREEMPT(full) [ 234.895368][ T8450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 234.895382][ T8450] Call Trace: [ 234.895391][ T8450] [ 234.895400][ T8450] dump_stack_lvl+0x16c/0x1f0 [ 234.895441][ T8450] should_fail_ex+0x512/0x640 [ 234.895483][ T8450] should_fail_alloc_page+0xe7/0x130 [ 234.895511][ T8450] prepare_alloc_pages+0x3c2/0x610 [ 234.895540][ T8450] __alloc_frozen_pages_noprof+0x18b/0x2470 [ 234.895583][ T8450] ? find_held_lock+0x2b/0x80 [ 234.895628][ T8450] ? is_bpf_text_address+0x8a/0x1a0 [ 234.895656][ T8450] ? bpf_ksym_find+0x124/0x1c0 [ 234.895689][ T8450] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 234.895722][ T8450] ? is_bpf_text_address+0x94/0x1a0 [ 234.895748][ T8450] ? kernel_text_address+0x8d/0x100 [ 234.895782][ T8450] ? __kernel_text_address+0xd/0x40 [ 234.895810][ T8450] ? unwind_get_return_address+0x59/0xa0 [ 234.895854][ T8450] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 234.895887][ T8450] ? policy_nodemask+0xea/0x4e0 [ 234.895915][ T8450] alloc_pages_mpol+0x1fb/0x550 [ 234.895947][ T8450] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 234.895972][ T8450] ? kasan_save_stack+0x33/0x60 [ 234.896008][ T8450] ? kasan_save_track+0x14/0x30 [ 234.896042][ T8450] ? __kasan_kmalloc+0xaa/0xb0 [ 234.896074][ T8450] ? __get_vm_area_node+0x101/0x330 [ 234.896106][ T8450] alloc_pages_noprof+0x131/0x390 [ 234.896132][ T8450] get_free_pages_noprof+0x10/0xb0 [ 234.896169][ T8450] kasan_populate_vmalloc+0x9f/0x2d0 [ 234.896203][ T8450] ? alloc_vmap_area+0x8b5/0x29e0 [ 234.896247][ T8450] alloc_vmap_area+0x960/0x29e0 [ 234.896302][ T8450] ? __pfx_alloc_vmap_area+0x10/0x10 [ 234.896351][ T8450] __get_vm_area_node+0x1ca/0x330 [ 234.896384][ T8450] __vmalloc_node_range_noprof+0x271/0x1480 [ 234.896413][ T8450] ? n_tty_open+0x1a/0x170 [ 234.896444][ T8450] ? do_raw_spin_unlock+0x172/0x230 [ 234.896486][ T8450] ? n_tty_open+0x1a/0x170 [ 234.896527][ T8450] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 234.896554][ T8450] ? console_unlock+0x184/0x210 [ 234.896592][ T8450] ? __pfx_console_unlock+0x10/0x10 [ 234.896629][ T8450] ? __pfx___ldsem_down_write_nested+0x10/0x10 [ 234.896669][ T8450] ? n_tty_open+0x1a/0x170 [ 234.896701][ T8450] __vmalloc_node_noprof+0xad/0xf0 [ 234.896729][ T8450] ? n_tty_open+0x1a/0x170 [ 234.896760][ T8450] ? __pfx_n_tty_open+0x10/0x10 [ 234.896793][ T8450] n_tty_open+0x1a/0x170 [ 234.896824][ T8450] ? __pfx_n_tty_open+0x10/0x10 [ 234.896856][ T8450] tty_ldisc_open+0x9f/0x120 [ 234.896881][ T8450] tty_ldisc_setup+0x40/0x100 [ 234.896908][ T8450] tty_init_dev.part.0+0x1ec/0x500 [ 234.896940][ T8450] tty_open+0xa4f/0xf90 [ 234.896977][ T8450] ? __pfx_tty_open+0x10/0x10 [ 234.897008][ T8450] ? chrdev_open+0x10b/0x6a0 [ 234.897050][ T8450] ? __pfx_tty_open+0x10/0x10 [ 234.897080][ T8450] chrdev_open+0x234/0x6a0 [ 234.897115][ T8450] ? __pfx_apparmor_file_open+0x10/0x10 [ 234.897143][ T8450] ? __pfx_chrdev_open+0x10/0x10 [ 234.897182][ T8450] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 234.897224][ T8450] do_dentry_open+0x982/0x1530 [ 234.897260][ T8450] ? __pfx_chrdev_open+0x10/0x10 [ 234.897304][ T8450] vfs_open+0x82/0x3f0 [ 234.897336][ T8450] path_openat+0x1de4/0x2cb0 [ 234.897384][ T8450] ? __pfx_path_openat+0x10/0x10 [ 234.897421][ T8450] ? __lock_acquire+0xb8a/0x1c90 [ 234.897451][ T8450] do_filp_open+0x20b/0x470 [ 234.897487][ T8450] ? __pfx_do_filp_open+0x10/0x10 [ 234.897549][ T8450] ? alloc_fd+0x471/0x7d0 [ 234.897598][ T8450] do_sys_openat2+0x11b/0x1d0 [ 234.897628][ T8450] ? __pfx_do_sys_openat2+0x10/0x10 [ 234.897672][ T8450] __x64_sys_openat+0x174/0x210 [ 234.897702][ T8450] ? __pfx___x64_sys_openat+0x10/0x10 [ 234.897747][ T8450] do_syscall_64+0xcd/0xfa0 [ 234.897787][ T8450] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 234.897813][ T8450] RIP: 0033:0x7fa9ec58eec9 [ 234.897834][ T8450] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 234.897858][ T8450] RSP: 002b:00007fa9ed4cb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 234.897883][ T8450] RAX: ffffffffffffffda RBX: 00007fa9ec7e6090 RCX: 00007fa9ec58eec9 [ 234.897901][ T8450] RDX: 0000000000040002 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 234.897918][ T8450] RBP: 00007fa9ec611f91 R08: 0000000000000000 R09: 0000000000000000 [ 234.897934][ T8450] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000000 [ 234.897949][ T8450] R13: 00007fa9ec7e6128 R14: 00007fa9ec7e6090 R15: 00007ffeecaefec8 [ 234.897987][ T8450] [ 235.366204][ T8450] syz.0.520: vmalloc error: size 9128, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 235.419160][ T8450] CPU: 0 UID: 0 PID: 8450 Comm: syz.0.520 Not tainted syzkaller #0 PREEMPT(full) [ 235.419183][ T8450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 235.419191][ T8450] Call Trace: [ 235.419197][ T8450] [ 235.419203][ T8450] dump_stack_lvl+0x16c/0x1f0 [ 235.419229][ T8450] warn_alloc+0x248/0x3a0 [ 235.419248][ T8450] ? __pfx_warn_alloc+0x10/0x10 [ 235.419268][ T8450] ? __get_vm_area_node+0x2cd/0x330 [ 235.419285][ T8450] ? __get_vm_area_node+0x2cd/0x330 [ 235.419297][ T8450] ? __get_vm_area_node+0x1dc/0x330 [ 235.419309][ T8450] ? __get_vm_area_node+0x208/0x330 [ 235.419327][ T8450] __vmalloc_node_range_noprof+0xaf5/0x1480 [ 235.419343][ T8450] ? do_raw_spin_unlock+0x172/0x230 [ 235.419365][ T8450] ? n_tty_open+0x1a/0x170 [ 235.419389][ T8450] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 235.419403][ T8450] ? console_unlock+0x184/0x210 [ 235.419421][ T8450] ? __pfx_console_unlock+0x10/0x10 [ 235.419440][ T8450] ? __pfx___ldsem_down_write_nested+0x10/0x10 [ 235.419461][ T8450] ? n_tty_open+0x1a/0x170 [ 235.419477][ T8450] __vmalloc_node_noprof+0xad/0xf0 [ 235.419497][ T8450] ? n_tty_open+0x1a/0x170 [ 235.419515][ T8450] ? __pfx_n_tty_open+0x10/0x10 [ 235.419535][ T8450] n_tty_open+0x1a/0x170 [ 235.419552][ T8450] ? __pfx_n_tty_open+0x10/0x10 [ 235.419569][ T8450] tty_ldisc_open+0x9f/0x120 [ 235.419584][ T8450] tty_ldisc_setup+0x40/0x100 [ 235.419599][ T8450] tty_init_dev.part.0+0x1ec/0x500 [ 235.419619][ T8450] tty_open+0xa4f/0xf90 [ 235.419639][ T8450] ? __pfx_tty_open+0x10/0x10 [ 235.419655][ T8450] ? chrdev_open+0x10b/0x6a0 [ 235.419678][ T8450] ? __pfx_tty_open+0x10/0x10 [ 235.419694][ T8450] chrdev_open+0x234/0x6a0 [ 235.419713][ T8450] ? __pfx_apparmor_file_open+0x10/0x10 [ 235.419728][ T8450] ? __pfx_chrdev_open+0x10/0x10 [ 235.419749][ T8450] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 235.419772][ T8450] do_dentry_open+0x982/0x1530 [ 235.419793][ T8450] ? __pfx_chrdev_open+0x10/0x10 [ 235.419817][ T8450] vfs_open+0x82/0x3f0 [ 235.419834][ T8450] path_openat+0x1de4/0x2cb0 [ 235.419859][ T8450] ? __pfx_path_openat+0x10/0x10 [ 235.419880][ T8450] ? __lock_acquire+0xb8a/0x1c90 [ 235.419896][ T8450] do_filp_open+0x20b/0x470 [ 235.419915][ T8450] ? __pfx_do_filp_open+0x10/0x10 [ 235.419949][ T8450] ? alloc_fd+0x471/0x7d0 [ 235.419972][ T8450] do_sys_openat2+0x11b/0x1d0 [ 235.419987][ T8450] ? __pfx_do_sys_openat2+0x10/0x10 [ 235.420009][ T8450] __x64_sys_openat+0x174/0x210 [ 235.420025][ T8450] ? __pfx___x64_sys_openat+0x10/0x10 [ 235.420048][ T8450] do_syscall_64+0xcd/0xfa0 [ 235.420070][ T8450] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 235.420084][ T8450] RIP: 0033:0x7fa9ec58eec9 [ 235.420097][ T8450] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 235.420111][ T8450] RSP: 002b:00007fa9ed4cb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 235.420125][ T8450] RAX: ffffffffffffffda RBX: 00007fa9ec7e6090 RCX: 00007fa9ec58eec9 [ 235.420134][ T8450] RDX: 0000000000040002 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 235.420142][ T8450] RBP: 00007fa9ec611f91 R08: 0000000000000000 R09: 0000000000000000 [ 235.420150][ T8450] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000000 [ 235.420159][ T8450] R13: 00007fa9ec7e6128 R14: 00007fa9ec7e6090 R15: 00007ffeecaefec8 [ 235.420179][ T8450] [ 235.423531][ T8450] Mem-Info: [ 235.809722][ T8450] active_anon:27695 inactive_anon:0 isolated_anon:4 [ 235.809722][ T8450] active_file:20439 inactive_file:40412 isolated_file:0 [ 235.809722][ T8450] unevictable:768 dirty:246 writeback:0 [ 235.809722][ T8450] slab_reclaimable:10623 slab_unreclaimable:90979 [ 235.809722][ T8450] mapped:28191 shmem:17776 pagetables:1170 [ 235.809722][ T8450] sec_pagetables:0 bounce:0 [ 235.809722][ T8450] kernel_misc_reclaimable:0 [ 235.809722][ T8450] free:1302833 free_pcp:18698 free_cma:0 [ 235.873485][ T8450] Node 0 active_anon:110580kB inactive_anon:0kB active_file:81756kB inactive_file:161516kB unevictable:1536kB isolated(anon):16kB isolated(file):0kB mapped:112764kB dirty:984kB writeback:0kB shmem:69568kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:11420kB pagetables:4340kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 235.877184][ T8458] Process accounting resumed [ 235.956493][ T8450] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:132kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:140kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 235.989611][ T8450] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 236.054055][ T8450] lowmem_reserve[]: 0 2483 2485 2485 2485 [ 236.060178][ T8450] Node 0 DMA32 free:1296996kB boost:0kB min:34352kB low:42940kB high:51528kB reserved_highatomic:0KB free_highatomic:0KB active_anon:114664kB inactive_anon:0kB active_file:81756kB inactive_file:161524kB unevictable:1536kB writepending:900kB zspages:0kB present:3129332kB managed:2543608kB mlocked:0kB bounce:0kB free_pcp:53740kB local_pcp:33656kB free_cma:0kB [ 236.102298][ T8450] lowmem_reserve[]: 0 0 1 1 1 [ 236.107318][ T8450] Node 0 Normal free:0kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:4kB local_pcp:0kB free_cma:0kB [ 236.137354][ T8450] lowmem_reserve[]: 0 0 0 0 0 [ 236.142117][ T8450] Node 1 Normal free:3903764kB boost:0kB min:55524kB low:69404kB high:83284kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:132kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:12648kB local_pcp:5120kB free_cma:0kB [ 236.375958][ T8450] lowmem_reserve[]: 0 0 0 0 0 [ 236.380962][ T8450] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 236.477504][ T8450] Node 0 DMA32: 983*4kB (UM) 1053*8kB (UME) 1000*16kB (UME) 715*32kB (UM) 407*64kB (UME) 214*128kB (ME) 115*256kB (M) 53*512kB (ME) 13*1024kB (M) 2*2048kB (UM) 273*4096kB (UM) = 1296868kB [ 236.496956][ T8450] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 236.512253][ T8450] Node 1 Normal: 175*4kB (UME) 51*8kB (UME) 54*16kB (UME) 119*32kB (UME) 40*64kB (UME) 7*128kB (UME) 5*256kB (UME) 4*512kB (UME) 2*1024kB (UM) 1*2048kB (E) 949*4096kB (M) = 3903764kB [ 236.552285][ T8450] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 236.822288][ T8450] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 236.852150][ T8450] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 236.870538][ T8450] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 236.885592][ T8450] 78952 total pagecache pages [ 236.954021][ T8450] 0 pages in swap cache [ 236.965942][ T8450] Free swap = 124996kB [ 236.985113][ T8450] Total swap = 124996kB [ 236.996793][ T8450] 2097051 pages RAM [ 237.023930][ T8450] 0 pages HighMem/MovableOnly [ 237.046081][ T8450] 429059 pages reserved [ 237.070775][ T8450] 0 pages cma reserved [ 237.096567][ T8450] tty tty26: ldisc open failed (-12), clearing slot 25 [ 238.530259][ T8503] netlink: 8 bytes leftover after parsing attributes in process `syz.1.529'. [ 238.671720][ T8503] FAULT_INJECTION: forcing a failure. [ 238.671720][ T8503] name failslab, interval 1, probability 0, space 0, times 0 [ 238.711395][ T8503] CPU: 1 UID: 0 PID: 8503 Comm: syz.1.529 Not tainted syzkaller #0 PREEMPT(full) [ 238.711430][ T8503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 238.711445][ T8503] Call Trace: [ 238.711454][ T8503] [ 238.711462][ T8503] dump_stack_lvl+0x16c/0x1f0 [ 238.711503][ T8503] should_fail_ex+0x512/0x640 [ 238.711541][ T8503] ? __kmalloc_noprof+0xca/0x880 [ 238.711576][ T8503] should_failslab+0xc2/0x120 [ 238.711601][ T8503] __kmalloc_noprof+0xdd/0x880 [ 238.711631][ T8503] ? ieee80211_txq_setup_flows+0x1a6/0xdf0 [ 238.711659][ T8503] ? ieee80211_txq_setup_flows+0x208/0xdf0 [ 238.711692][ T8503] ? ieee80211_txq_setup_flows+0x208/0xdf0 [ 238.711714][ T8503] ieee80211_txq_setup_flows+0x208/0xdf0 [ 238.711749][ T8503] ieee80211_register_hw+0x216d/0x4120 [ 238.711789][ T8503] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 238.711810][ T8503] ? __pfx___debug_object_init+0x10/0x10 [ 238.711831][ T8503] ? find_held_lock+0x2b/0x80 [ 238.711850][ T8503] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 238.711869][ T8503] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 238.711888][ T8503] ? __hrtimer_setup+0x176/0x280 [ 238.711906][ T8503] mac80211_hwsim_new_radio+0x32d8/0x50b0 [ 238.711933][ T8503] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 238.711954][ T8503] hwsim_new_radio_nl+0xba2/0x1330 [ 238.711971][ T8503] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 238.711992][ T8503] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 238.712020][ T8503] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 238.712055][ T8503] genl_family_rcv_msg_doit+0x209/0x2f0 [ 238.712087][ T8503] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 238.712123][ T8503] ? bpf_lsm_capable+0x9/0x10 [ 238.712146][ T8503] ? security_capable+0x7e/0x260 [ 238.712172][ T8503] ? ns_capable+0xd7/0x110 [ 238.712208][ T8503] genl_rcv_msg+0x55c/0x800 [ 238.712247][ T8503] ? __pfx_genl_rcv_msg+0x10/0x10 [ 238.712281][ T8503] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 238.712317][ T8503] netlink_rcv_skb+0x158/0x420 [ 238.712338][ T8503] ? __pfx_genl_rcv_msg+0x10/0x10 [ 238.712365][ T8503] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 238.712405][ T8503] ? netlink_deliver_tap+0x1ae/0xd30 [ 238.712446][ T8503] genl_rcv+0x28/0x40 [ 238.712466][ T8503] netlink_unicast+0x5aa/0x870 [ 238.712511][ T8503] ? __pfx_netlink_unicast+0x10/0x10 [ 238.712555][ T8503] netlink_sendmsg+0x8c8/0xdd0 [ 238.712599][ T8503] ? __pfx_netlink_sendmsg+0x10/0x10 [ 238.712640][ T8503] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 238.712669][ T8503] ____sys_sendmsg+0xa98/0xc70 [ 238.712696][ T8503] ? copy_msghdr_from_user+0x10a/0x160 [ 238.712727][ T8503] ? __pfx_____sys_sendmsg+0x10/0x10 [ 238.712759][ T8503] ? __pfx_futex_wake_mark+0x10/0x10 [ 238.712793][ T8503] ___sys_sendmsg+0x134/0x1d0 [ 238.712823][ T8503] ? futex_private_hash_put+0x176/0x300 [ 238.712859][ T8503] ? __pfx____sys_sendmsg+0x10/0x10 [ 238.712888][ T8503] ? __lock_acquire+0x622/0x1c90 [ 238.712954][ T8503] __sys_sendmsg+0x16d/0x220 [ 238.712990][ T8503] ? __pfx___sys_sendmsg+0x10/0x10 [ 238.713020][ T8503] ? __x64_sys_futex+0x1e0/0x4c0 [ 238.713065][ T8503] do_syscall_64+0xcd/0xfa0 [ 238.713102][ T8503] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 238.713127][ T8503] RIP: 0033:0x7fd28a38eec9 [ 238.713147][ T8503] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 238.713170][ T8503] RSP: 002b:00007fd2885f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 238.713193][ T8503] RAX: ffffffffffffffda RBX: 00007fd28a5e5fa0 RCX: 00007fd28a38eec9 [ 238.713210][ T8503] RDX: 0000000000018800 RSI: 0000200000001400 RDI: 0000000000000007 [ 238.713225][ T8503] RBP: 00007fd28a411f91 R08: 0000000000000000 R09: 0000000000000000 [ 238.713240][ T8503] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 238.713262][ T8503] R13: 00007fd28a5e6038 R14: 00007fd28a5e5fa0 R15: 00007ffc069f2878 [ 238.713298][ T8503] [ 239.746930][ T8525] netlink: 268 bytes leftover after parsing attributes in process `syz.2.534'. [ 239.839874][ T8528] vhci_hcd: invalid port number 16 [ 239.845005][ T8528] vhci_hcd: invalid port number 16 [ 239.854211][ T8528] random: crng reseeded on system resumption [ 239.892797][ T8528] FAULT_INJECTION: forcing a failure. [ 239.892797][ T8528] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 240.001999][ T8528] CPU: 1 UID: 0 PID: 8528 Comm: syz.2.534 Not tainted syzkaller #0 PREEMPT(full) [ 240.002034][ T8528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 240.002048][ T8528] Call Trace: [ 240.002053][ T8528] [ 240.002059][ T8528] dump_stack_lvl+0x16c/0x1f0 [ 240.002085][ T8528] should_fail_ex+0x512/0x640 [ 240.002118][ T8528] should_fail_alloc_page+0xe7/0x130 [ 240.002135][ T8528] prepare_alloc_pages+0x3c2/0x610 [ 240.002149][ T8528] ? rcu_is_watching+0x12/0xc0 [ 240.002172][ T8528] __alloc_frozen_pages_noprof+0x18b/0x2470 [ 240.002197][ T8528] ? stack_trace_save+0x8e/0xc0 [ 240.002218][ T8528] ? __pfx_stack_trace_save+0x10/0x10 [ 240.002239][ T8528] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 240.002260][ T8528] ? kasan_save_stack+0x42/0x60 [ 240.002279][ T8528] ? kasan_save_stack+0x33/0x60 [ 240.002300][ T8528] ? do_dentry_open+0x982/0x1530 [ 240.002318][ T8528] ? vfs_open+0x82/0x3f0 [ 240.002331][ T8528] ? path_openat+0x1de4/0x2cb0 [ 240.002354][ T8528] ? do_filp_open+0x20b/0x470 [ 240.002381][ T8528] ? do_sys_openat2+0x11b/0x1d0 [ 240.002404][ T8528] ? __x64_sys_openat+0x174/0x210 [ 240.002427][ T8528] ? do_syscall_64+0xcd/0xfa0 [ 240.002460][ T8528] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 240.002486][ T8528] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 240.002517][ T8528] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 240.002552][ T8528] ? policy_nodemask+0xea/0x4e0 [ 240.002582][ T8528] alloc_pages_mpol+0x1fb/0x550 [ 240.002610][ T8528] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 240.002645][ T8528] alloc_pages_noprof+0x131/0x390 [ 240.002671][ T8528] get_zeroed_page_noprof+0x18/0xb0 [ 240.002709][ T8528] get_image_page+0x18/0x190 [ 240.002743][ T8528] alloc_rtree_node+0x3c/0xb0 [ 240.002777][ T8528] memory_bm_create+0x519/0x810 [ 240.002825][ T8528] create_basic_memory_bitmaps+0xbd/0x320 [ 240.002867][ T8528] snapshot_open+0x235/0x2b0 [ 240.002889][ T8528] ? __pfx_snapshot_open+0x10/0x10 [ 240.002911][ T8528] misc_open+0x26d/0x450 [ 240.002947][ T8528] ? __pfx_misc_open+0x10/0x10 [ 240.002984][ T8528] chrdev_open+0x234/0x6a0 [ 240.003019][ T8528] ? __pfx_apparmor_file_open+0x10/0x10 [ 240.003046][ T8528] ? __pfx_chrdev_open+0x10/0x10 [ 240.003085][ T8528] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 240.003136][ T8528] do_dentry_open+0x982/0x1530 [ 240.003175][ T8528] ? __pfx_chrdev_open+0x10/0x10 [ 240.003220][ T8528] vfs_open+0x82/0x3f0 [ 240.003252][ T8528] path_openat+0x1de4/0x2cb0 [ 240.003299][ T8528] ? __pfx_path_openat+0x10/0x10 [ 240.003336][ T8528] ? __lock_acquire+0xb8a/0x1c90 [ 240.003365][ T8528] do_filp_open+0x20b/0x470 [ 240.003400][ T8528] ? __pfx_do_filp_open+0x10/0x10 [ 240.003462][ T8528] ? alloc_fd+0x471/0x7d0 [ 240.003503][ T8528] do_sys_openat2+0x11b/0x1d0 [ 240.003530][ T8528] ? __pfx_do_sys_openat2+0x10/0x10 [ 240.003560][ T8528] __x64_sys_openat+0x174/0x210 [ 240.003576][ T8528] ? __pfx___x64_sys_openat+0x10/0x10 [ 240.003599][ T8528] do_syscall_64+0xcd/0xfa0 [ 240.003620][ T8528] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 240.003634][ T8528] RIP: 0033:0x7f4de798eec9 [ 240.003647][ T8528] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 240.003660][ T8528] RSP: 002b:00007f4de8747038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 240.003673][ T8528] RAX: ffffffffffffffda RBX: 00007f4de7be6090 RCX: 00007f4de798eec9 [ 240.003683][ T8528] RDX: 0000000000180b01 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 240.003692][ T8528] RBP: 00007f4de7a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 240.003701][ T8528] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 240.003710][ T8528] R13: 00007f4de7be6128 R14: 00007f4de7be6090 R15: 00007ffe561e7438 [ 240.003730][ T8528] [ 241.037548][ T8539] netlink: 8 bytes leftover after parsing attributes in process `syz.3.538'. [ 241.059079][ T8539] FAULT_INJECTION: forcing a failure. [ 241.059079][ T8539] name failslab, interval 1, probability 0, space 0, times 0 [ 241.116144][ T8539] CPU: 1 UID: 0 PID: 8539 Comm: syz.3.538 Not tainted syzkaller #0 PREEMPT(full) [ 241.116178][ T8539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 241.116193][ T8539] Call Trace: [ 241.116202][ T8539] [ 241.116211][ T8539] dump_stack_lvl+0x16c/0x1f0 [ 241.116251][ T8539] should_fail_ex+0x512/0x640 [ 241.116294][ T8539] should_failslab+0xc2/0x120 [ 241.116319][ T8539] __kmalloc_cache_noprof+0x72/0x780 [ 241.116351][ T8539] ? minstrel_ht_alloc+0x4f/0x7c0 [ 241.116381][ T8539] ? minstrel_ht_alloc+0x4f/0x7c0 [ 241.116404][ T8539] minstrel_ht_alloc+0x4f/0x7c0 [ 241.116436][ T8539] ieee80211_init_rate_ctrl_alg+0x20c/0x6b0 [ 241.116479][ T8539] ieee80211_register_hw+0x21b5/0x4120 [ 241.116519][ T8539] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 241.116544][ T8539] ? __pfx___debug_object_init+0x10/0x10 [ 241.116582][ T8539] ? find_held_lock+0x2b/0x80 [ 241.116616][ T8539] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 241.116650][ T8539] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 241.116684][ T8539] ? __hrtimer_setup+0x176/0x280 [ 241.116717][ T8539] mac80211_hwsim_new_radio+0x32d8/0x50b0 [ 241.116766][ T8539] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 241.116806][ T8539] hwsim_new_radio_nl+0xba2/0x1330 [ 241.116836][ T8539] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 241.116874][ T8539] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 241.116904][ T8539] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 241.116941][ T8539] genl_family_rcv_msg_doit+0x209/0x2f0 [ 241.116970][ T8539] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 241.117005][ T8539] ? bpf_lsm_capable+0x9/0x10 [ 241.117035][ T8539] ? security_capable+0x7e/0x260 [ 241.117061][ T8539] ? ns_capable+0xd7/0x110 [ 241.117097][ T8539] genl_rcv_msg+0x55c/0x800 [ 241.117128][ T8539] ? __pfx_genl_rcv_msg+0x10/0x10 [ 241.117155][ T8539] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 241.117194][ T8539] netlink_rcv_skb+0x158/0x420 [ 241.117218][ T8539] ? __pfx_genl_rcv_msg+0x10/0x10 [ 241.117247][ T8539] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 241.117286][ T8539] ? netlink_deliver_tap+0x1ae/0xd30 [ 241.117329][ T8539] genl_rcv+0x28/0x40 [ 241.117351][ T8539] netlink_unicast+0x5aa/0x870 [ 241.117394][ T8539] ? __pfx_netlink_unicast+0x10/0x10 [ 241.117447][ T8539] netlink_sendmsg+0x8c8/0xdd0 [ 241.117491][ T8539] ? __pfx_netlink_sendmsg+0x10/0x10 [ 241.117533][ T8539] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 241.117567][ T8539] ____sys_sendmsg+0xa98/0xc70 [ 241.117596][ T8539] ? copy_msghdr_from_user+0x10a/0x160 [ 241.117632][ T8539] ? __pfx_____sys_sendmsg+0x10/0x10 [ 241.117677][ T8539] ___sys_sendmsg+0x134/0x1d0 [ 241.117711][ T8539] ? futex_private_hash_put+0x176/0x300 [ 241.117751][ T8539] ? __pfx____sys_sendmsg+0x10/0x10 [ 241.117783][ T8539] ? __lock_acquire+0x622/0x1c90 [ 241.117856][ T8539] __sys_sendmsg+0x16d/0x220 [ 241.117895][ T8539] ? __pfx___sys_sendmsg+0x10/0x10 [ 241.117929][ T8539] ? __x64_sys_futex+0x1e0/0x4c0 [ 241.117978][ T8539] do_syscall_64+0xcd/0xfa0 [ 241.118017][ T8539] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 241.118052][ T8539] RIP: 0033:0x7f999af8eec9 [ 241.118074][ T8539] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 241.118100][ T8539] RSP: 002b:00007f999be8b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 241.118125][ T8539] RAX: ffffffffffffffda RBX: 00007f999b1e5fa0 RCX: 00007f999af8eec9 [ 241.118143][ T8539] RDX: 0000000000018800 RSI: 0000200000001400 RDI: 0000000000000007 [ 241.118159][ T8539] RBP: 00007f999b011f91 R08: 0000000000000000 R09: 0000000000000000 [ 241.118174][ T8539] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 241.118189][ T8539] R13: 00007f999b1e6038 R14: 00007f999b1e5fa0 R15: 00007ffda5221f08 [ 241.118222][ T8539] [ 241.118300][ T8539] ieee80211 phy16: Failed to select rate control algorithm [ 243.813355][ T8588] netlink: 268 bytes leftover after parsing attributes in process `syz.0.554'. [ 243.861942][ T8588] vhci_hcd: invalid port number 16 [ 243.876910][ T8588] vhci_hcd: invalid port number 16 [ 243.904136][ T8588] random: crng reseeded on system resumption [ 243.947369][ T8588] FAULT_INJECTION: forcing a failure. [ 243.947369][ T8588] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 244.062825][ T8588] CPU: 0 UID: 0 PID: 8588 Comm: syz.0.554 Not tainted syzkaller #0 PREEMPT(full) [ 244.062847][ T8588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 244.062856][ T8588] Call Trace: [ 244.062862][ T8588] [ 244.062868][ T8588] dump_stack_lvl+0x16c/0x1f0 [ 244.062893][ T8588] should_fail_ex+0x512/0x640 [ 244.062919][ T8588] should_fail_alloc_page+0xe7/0x130 [ 244.062935][ T8588] prepare_alloc_pages+0x3c2/0x610 [ 244.062949][ T8588] ? rcu_is_watching+0x12/0xc0 [ 244.062970][ T8588] __alloc_frozen_pages_noprof+0x18b/0x2470 [ 244.062995][ T8588] ? stack_trace_save+0x8e/0xc0 [ 244.063015][ T8588] ? __pfx_stack_trace_save+0x10/0x10 [ 244.063036][ T8588] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 244.063057][ T8588] ? kasan_save_stack+0x42/0x60 [ 244.063080][ T8588] ? kasan_save_stack+0x33/0x60 [ 244.063101][ T8588] ? do_dentry_open+0x982/0x1530 [ 244.063120][ T8588] ? vfs_open+0x82/0x3f0 [ 244.063132][ T8588] ? path_openat+0x1de4/0x2cb0 [ 244.063157][ T8588] ? do_filp_open+0x20b/0x470 [ 244.063175][ T8588] ? do_sys_openat2+0x11b/0x1d0 [ 244.063188][ T8588] ? __x64_sys_openat+0x174/0x210 [ 244.063203][ T8588] ? do_syscall_64+0xcd/0xfa0 [ 244.063222][ T8588] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 244.063238][ T8588] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 244.063256][ T8588] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 244.063275][ T8588] ? policy_nodemask+0xea/0x4e0 [ 244.063290][ T8588] alloc_pages_mpol+0x1fb/0x550 [ 244.063305][ T8588] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 244.063324][ T8588] alloc_pages_noprof+0x131/0x390 [ 244.063339][ T8588] get_zeroed_page_noprof+0x18/0xb0 [ 244.063360][ T8588] get_image_page+0x18/0x190 [ 244.063379][ T8588] alloc_rtree_node+0x3c/0xb0 [ 244.063398][ T8588] memory_bm_create+0x519/0x810 [ 244.063424][ T8588] create_basic_memory_bitmaps+0xbd/0x320 [ 244.063448][ T8588] snapshot_open+0x235/0x2b0 [ 244.063459][ T8588] ? __pfx_snapshot_open+0x10/0x10 [ 244.063472][ T8588] misc_open+0x26d/0x450 [ 244.063494][ T8588] ? __pfx_misc_open+0x10/0x10 [ 244.063514][ T8588] chrdev_open+0x234/0x6a0 [ 244.063534][ T8588] ? __pfx_apparmor_file_open+0x10/0x10 [ 244.063549][ T8588] ? __pfx_chrdev_open+0x10/0x10 [ 244.063570][ T8588] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 244.063593][ T8588] do_dentry_open+0x982/0x1530 [ 244.063613][ T8588] ? __pfx_chrdev_open+0x10/0x10 [ 244.063637][ T8588] vfs_open+0x82/0x3f0 [ 244.063654][ T8588] path_openat+0x1de4/0x2cb0 [ 244.063680][ T8588] ? __pfx_path_openat+0x10/0x10 [ 244.063699][ T8588] ? __lock_acquire+0xb8a/0x1c90 [ 244.063716][ T8588] do_filp_open+0x20b/0x470 [ 244.063736][ T8588] ? __pfx_do_filp_open+0x10/0x10 [ 244.063769][ T8588] ? alloc_fd+0x471/0x7d0 [ 244.063792][ T8588] do_sys_openat2+0x11b/0x1d0 [ 244.063808][ T8588] ? __pfx_do_sys_openat2+0x10/0x10 [ 244.063830][ T8588] __x64_sys_openat+0x174/0x210 [ 244.063846][ T8588] ? __pfx___x64_sys_openat+0x10/0x10 [ 244.063869][ T8588] do_syscall_64+0xcd/0xfa0 [ 244.063890][ T8588] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 244.063904][ T8588] RIP: 0033:0x7fa9ec58eec9 [ 244.063917][ T8588] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 244.063931][ T8588] RSP: 002b:00007fa9ed4ec038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 244.063945][ T8588] RAX: ffffffffffffffda RBX: 00007fa9ec7e5fa0 RCX: 00007fa9ec58eec9 [ 244.063955][ T8588] RDX: 0000000000180b01 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 244.063964][ T8588] RBP: 00007fa9ec611f91 R08: 0000000000000000 R09: 0000000000000000 [ 244.063973][ T8588] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 244.063981][ T8588] R13: 00007fa9ec7e6038 R14: 00007fa9ec7e5fa0 R15: 00007ffeecaefec8 [ 244.064001][ T8588] [ 245.011339][ T8609] netlink: 8 bytes leftover after parsing attributes in process `syz.1.550'. [ 245.847640][ T8626] netlink: 268 bytes leftover after parsing attributes in process `syz.3.553'. [ 246.026107][ T8632] vhci_hcd: invalid port number 16 [ 246.031234][ T8632] vhci_hcd: invalid port number 16 [ 246.046182][ T8632] random: crng reseeded on system resumption [ 246.054556][ T8632] FAULT_INJECTION: forcing a failure. [ 246.054556][ T8632] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 246.067952][ T8632] CPU: 1 UID: 0 PID: 8632 Comm: syz.3.553 Not tainted syzkaller #0 PREEMPT(full) [ 246.067988][ T8632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 246.068003][ T8632] Call Trace: [ 246.068012][ T8632] [ 246.068023][ T8632] dump_stack_lvl+0x16c/0x1f0 [ 246.068066][ T8632] should_fail_ex+0x512/0x640 [ 246.068110][ T8632] should_fail_alloc_page+0xe7/0x130 [ 246.068139][ T8632] prepare_alloc_pages+0x3c2/0x610 [ 246.068165][ T8632] ? rcu_is_watching+0x12/0xc0 [ 246.068205][ T8632] __alloc_frozen_pages_noprof+0x18b/0x2470 [ 246.068251][ T8632] ? stack_trace_save+0x8e/0xc0 [ 246.068288][ T8632] ? __pfx_stack_trace_save+0x10/0x10 [ 246.068328][ T8632] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 246.068368][ T8632] ? kasan_save_stack+0x42/0x60 [ 246.068402][ T8632] ? kasan_save_stack+0x33/0x60 [ 246.068442][ T8632] ? do_dentry_open+0x982/0x1530 [ 246.068476][ T8632] ? vfs_open+0x82/0x3f0 [ 246.068499][ T8632] ? path_openat+0x1de4/0x2cb0 [ 246.068531][ T8632] ? do_filp_open+0x20b/0x470 [ 246.068563][ T8632] ? do_sys_openat2+0x11b/0x1d0 [ 246.068588][ T8632] ? __x64_sys_openat+0x174/0x210 [ 246.068616][ T8632] ? do_syscall_64+0xcd/0xfa0 [ 246.068649][ T8632] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 246.068676][ T8632] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 246.068709][ T8632] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 246.068744][ T8632] ? policy_nodemask+0xea/0x4e0 [ 246.068773][ T8632] alloc_pages_mpol+0x1fb/0x550 [ 246.068800][ T8632] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 246.068837][ T8632] alloc_pages_noprof+0x131/0x390 [ 246.068865][ T8632] get_zeroed_page_noprof+0x18/0xb0 [ 246.068903][ T8632] get_image_page+0x18/0x190 [ 246.068948][ T8632] alloc_rtree_node+0x3c/0xb0 [ 246.068983][ T8632] memory_bm_create+0x519/0x810 [ 246.069035][ T8632] create_basic_memory_bitmaps+0xbd/0x320 [ 246.069080][ T8632] snapshot_open+0x235/0x2b0 [ 246.069103][ T8632] ? __pfx_snapshot_open+0x10/0x10 [ 246.069128][ T8632] misc_open+0x26d/0x450 [ 246.069167][ T8632] ? __pfx_misc_open+0x10/0x10 [ 246.069204][ T8632] chrdev_open+0x234/0x6a0 [ 246.069241][ T8632] ? __pfx_apparmor_file_open+0x10/0x10 [ 246.069269][ T8632] ? __pfx_chrdev_open+0x10/0x10 [ 246.069309][ T8632] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 246.069351][ T8632] do_dentry_open+0x982/0x1530 [ 246.069388][ T8632] ? __pfx_chrdev_open+0x10/0x10 [ 246.069432][ T8632] vfs_open+0x82/0x3f0 [ 246.069464][ T8632] path_openat+0x1de4/0x2cb0 [ 246.069511][ T8632] ? __pfx_path_openat+0x10/0x10 [ 246.069548][ T8632] ? __lock_acquire+0xb8a/0x1c90 [ 246.069578][ T8632] do_filp_open+0x20b/0x470 [ 246.069614][ T8632] ? __pfx_do_filp_open+0x10/0x10 [ 246.069675][ T8632] ? alloc_fd+0x471/0x7d0 [ 246.069718][ T8632] do_sys_openat2+0x11b/0x1d0 [ 246.069747][ T8632] ? __pfx_do_sys_openat2+0x10/0x10 [ 246.069790][ T8632] __x64_sys_openat+0x174/0x210 [ 246.069820][ T8632] ? __pfx___x64_sys_openat+0x10/0x10 [ 246.069863][ T8632] do_syscall_64+0xcd/0xfa0 [ 246.069902][ T8632] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 246.069936][ T8632] RIP: 0033:0x7f999af8eec9 [ 246.069957][ T8632] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 246.069981][ T8632] RSP: 002b:00007f999be6a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 246.070005][ T8632] RAX: ffffffffffffffda RBX: 00007f999b1e6090 RCX: 00007f999af8eec9 [ 246.070023][ T8632] RDX: 0000000000180b01 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 246.070039][ T8632] RBP: 00007f999b011f91 R08: 0000000000000000 R09: 0000000000000000 [ 246.070054][ T8632] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 246.070069][ T8632] R13: 00007f999b1e6128 R14: 00007f999b1e6090 R15: 00007ffda5221f08 [ 246.070106][ T8632] [ 255.770485][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.776902][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 258.802642][ T8872] netlink: 268 bytes leftover after parsing attributes in process `syz.0.599'. [ 259.135281][ T8872] random: crng reseeded on system resumption [ 259.168127][ T8869] netlink: 'syz.1.600': attribute type 11 has an invalid length. [ 259.188361][ T8869] netlink: 'syz.1.600': attribute type 11 has an invalid length. [ 259.196764][ T8869] netlink: 4 bytes leftover after parsing attributes in process `syz.1.600'. [ 259.216174][ T8869] netlink: 67 bytes leftover after parsing attributes in process `syz.1.600'. [ 259.225360][ T8869] netlink: 8 bytes leftover after parsing attributes in process `syz.1.600'. [ 259.284846][ T8869] netlink: 200 bytes leftover after parsing attributes in process `syz.1.600'. [ 260.762006][ T8916] netlink: 4 bytes leftover after parsing attributes in process `syz.0.609'. [ 260.826593][ T8917] netlink: 13 bytes leftover after parsing attributes in process `syz.0.609'. [ 260.886075][ T8917] netlink: 8 bytes leftover after parsing attributes in process `syz.0.609'. [ 261.650178][ T8925] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 261.709037][ T8925] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 262.687655][ T8954] netlink: 'syz.2.617': attribute type 11 has an invalid length. [ 262.699663][ T8954] netlink: 'syz.2.617': attribute type 11 has an invalid length. [ 262.878878][ T8954] netlink: 4 bytes leftover after parsing attributes in process `syz.2.617'. [ 262.891137][ T8954] netlink: 67 bytes leftover after parsing attributes in process `syz.2.617'. [ 264.332280][ T8992] __nla_validate_parse: 3 callbacks suppressed [ 264.332296][ T8992] netlink: 12 bytes leftover after parsing attributes in process `syz.1.626'. [ 264.371681][ T8992] tc_dump_action: action bad kind [ 264.513390][ T8993] netlink: 338 bytes leftover after parsing attributes in process `syz.0.624'. [ 264.663847][ C1] sd 0:0:1:0: [sda] tag#4418 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 264.674387][ C1] sd 0:0:1:0: [sda] tag#4418 CDB: Write(6) 0a 00 00 00 0b 00 00 00 00 00 00 00 [ 264.696077][ T8999] zswap: compressor 000 not available [ 266.341496][ T9032] Process accounting paused [ 267.797911][ T9088] netlink: 8 bytes leftover after parsing attributes in process `syz.2.643'. [ 267.817696][ T9088] FAULT_INJECTION: forcing a failure. [ 267.817696][ T9088] name failslab, interval 1, probability 0, space 0, times 0 [ 267.848395][ T9088] CPU: 1 UID: 0 PID: 9088 Comm: syz.2.643 Not tainted syzkaller #0 PREEMPT(full) [ 267.848433][ T9088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 267.848449][ T9088] Call Trace: [ 267.848458][ T9088] [ 267.848469][ T9088] dump_stack_lvl+0x16c/0x1f0 [ 267.848513][ T9088] should_fail_ex+0x512/0x640 [ 267.848551][ T9088] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 267.848589][ T9088] should_failslab+0xc2/0x120 [ 267.848615][ T9088] kmem_cache_alloc_noprof+0x75/0x6e0 [ 267.848653][ T9088] ? __kernfs_new_node+0xd2/0x8e0 [ 267.848699][ T9088] ? __kernfs_new_node+0xd2/0x8e0 [ 267.848734][ T9088] __kernfs_new_node+0xd2/0x8e0 [ 267.848780][ T9088] ? __pfx___kernfs_new_node+0x10/0x10 [ 267.848839][ T9088] ? find_held_lock+0x2b/0x80 [ 267.848876][ T9088] ? kernfs_root+0xee/0x2a0 [ 267.848909][ T9088] kernfs_new_node+0x13c/0x1e0 [ 267.848945][ T9088] kernfs_create_link+0xcc/0x240 [ 267.848983][ T9088] sysfs_do_create_link_sd+0x90/0x140 [ 267.849026][ T9088] sysfs_create_link+0x61/0xc0 [ 267.849064][ T9088] device_add+0x591/0x1aa0 [ 267.849093][ T9088] ? __pfx_device_add+0x10/0x10 [ 267.849114][ T9088] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 267.849150][ T9088] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 267.849197][ T9088] wiphy_register+0x1eb0/0x2b20 [ 267.849223][ T9088] ? netdev_run_todo+0x864/0x1320 [ 267.849259][ T9088] ? __pfx_wiphy_register+0x10/0x10 [ 267.849306][ T9088] ieee80211_register_hw+0x253d/0x4120 [ 267.849350][ T9088] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 267.849377][ T9088] ? __pfx___debug_object_init+0x10/0x10 [ 267.849416][ T9088] ? find_held_lock+0x2b/0x80 [ 267.849451][ T9088] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 267.849486][ T9088] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 267.849520][ T9088] ? __hrtimer_setup+0x176/0x280 [ 267.849553][ T9088] mac80211_hwsim_new_radio+0x32d8/0x50b0 [ 267.849603][ T9088] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 267.849644][ T9088] hwsim_new_radio_nl+0xba2/0x1330 [ 267.849677][ T9088] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 267.849718][ T9088] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 267.849748][ T9088] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 267.849787][ T9088] genl_family_rcv_msg_doit+0x209/0x2f0 [ 267.849818][ T9088] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 267.849869][ T9088] ? bpf_lsm_capable+0x9/0x10 [ 267.849894][ T9088] ? security_capable+0x7e/0x260 [ 267.849922][ T9088] ? ns_capable+0xd7/0x110 [ 267.849960][ T9088] genl_rcv_msg+0x55c/0x800 [ 267.849994][ T9088] ? __pfx_genl_rcv_msg+0x10/0x10 [ 267.850023][ T9088] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 267.850066][ T9088] netlink_rcv_skb+0x158/0x420 [ 267.850090][ T9088] ? __pfx_genl_rcv_msg+0x10/0x10 [ 267.850120][ T9088] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 267.850161][ T9088] ? netlink_deliver_tap+0x1ae/0xd30 [ 267.850205][ T9088] genl_rcv+0x28/0x40 [ 267.850229][ T9088] netlink_unicast+0x5aa/0x870 [ 267.850274][ T9088] ? __pfx_netlink_unicast+0x10/0x10 [ 267.850328][ T9088] netlink_sendmsg+0x8c8/0xdd0 [ 267.850374][ T9088] ? __pfx_netlink_sendmsg+0x10/0x10 [ 267.850418][ T9088] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 267.850453][ T9088] ____sys_sendmsg+0xa98/0xc70 [ 267.850484][ T9088] ? copy_msghdr_from_user+0x10a/0x160 [ 267.850521][ T9088] ? __pfx_____sys_sendmsg+0x10/0x10 [ 267.850570][ T9088] ___sys_sendmsg+0x134/0x1d0 [ 267.850604][ T9088] ? futex_private_hash_put+0x176/0x300 [ 267.850646][ T9088] ? __pfx____sys_sendmsg+0x10/0x10 [ 267.850680][ T9088] ? __lock_acquire+0x622/0x1c90 [ 267.850756][ T9088] __sys_sendmsg+0x16d/0x220 [ 267.850794][ T9088] ? __pfx___sys_sendmsg+0x10/0x10 [ 267.850834][ T9088] ? __x64_sys_futex+0x1e0/0x4c0 [ 267.850886][ T9088] do_syscall_64+0xcd/0xfa0 [ 267.850928][ T9088] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 267.850954][ T9088] RIP: 0033:0x7f4de798eec9 [ 267.850977][ T9088] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 267.851002][ T9088] RSP: 002b:00007f4de8768038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 267.851028][ T9088] RAX: ffffffffffffffda RBX: 00007f4de7be5fa0 RCX: 00007f4de798eec9 [ 267.851046][ T9088] RDX: 0000000000018800 RSI: 0000200000001400 RDI: 0000000000000007 [ 267.851062][ T9088] RBP: 00007f4de7a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 267.851078][ T9088] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 267.851094][ T9088] R13: 00007f4de7be6038 R14: 00007f4de7be5fa0 R15: 00007ffe561e7438 [ 267.851133][ T9088] [ 268.980464][ T9092] sp0: Synchronizing with TNC è[ 269.644119][ T9124] netlink: 338 bytes leftover after parsing attributes in process `syz.1.652'. [ 269.666429][ T9129] block nbd0: Unsupported socket: should be TCP or UNIX. [ 270.192657][ T9142] netlink: 268 bytes leftover after parsing attributes in process `syz.0.656'. [ 270.527056][ T9142] vhci_hcd: invalid port number 16 [ 270.546028][ T9142] vhci_hcd: invalid port number 16 [ 270.565057][ T9142] random: crng reseeded on system resumption [ 270.656079][ T9142] FAULT_INJECTION: forcing a failure. [ 270.656079][ T9142] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 270.677113][ T9142] CPU: 1 UID: 0 PID: 9142 Comm: syz.0.656 Not tainted syzkaller #0 PREEMPT(full) [ 270.677136][ T9142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 270.677145][ T9142] Call Trace: [ 270.677150][ T9142] [ 270.677157][ T9142] dump_stack_lvl+0x16c/0x1f0 [ 270.677184][ T9142] should_fail_ex+0x512/0x640 [ 270.677209][ T9142] should_fail_alloc_page+0xe7/0x130 [ 270.677226][ T9142] prepare_alloc_pages+0x3c2/0x610 [ 270.677239][ T9142] ? rcu_is_watching+0x12/0xc0 [ 270.677261][ T9142] __alloc_frozen_pages_noprof+0x18b/0x2470 [ 270.677286][ T9142] ? stack_trace_save+0x8e/0xc0 [ 270.677307][ T9142] ? __pfx_stack_trace_save+0x10/0x10 [ 270.677328][ T9142] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 270.677349][ T9142] ? kasan_save_stack+0x42/0x60 [ 270.677368][ T9142] ? kasan_save_stack+0x33/0x60 [ 270.677389][ T9142] ? do_dentry_open+0x982/0x1530 [ 270.677408][ T9142] ? vfs_open+0x82/0x3f0 [ 270.677420][ T9142] ? path_openat+0x1de4/0x2cb0 [ 270.677437][ T9142] ? do_filp_open+0x20b/0x470 [ 270.677454][ T9142] ? do_sys_openat2+0x11b/0x1d0 [ 270.677468][ T9142] ? __x64_sys_openat+0x174/0x210 [ 270.677481][ T9142] ? do_syscall_64+0xcd/0xfa0 [ 270.677499][ T9142] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 270.677514][ T9142] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 270.677532][ T9142] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 270.677592][ T9142] ? policy_nodemask+0xea/0x4e0 [ 270.677615][ T9142] alloc_pages_mpol+0x1fb/0x550 [ 270.677632][ T9142] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 270.677651][ T9142] alloc_pages_noprof+0x131/0x390 [ 270.677667][ T9142] get_zeroed_page_noprof+0x18/0xb0 [ 270.677689][ T9142] get_image_page+0x18/0x190 [ 270.677709][ T9142] alloc_rtree_node+0x3c/0xb0 [ 270.677728][ T9142] memory_bm_create+0x519/0x810 [ 270.677754][ T9142] create_basic_memory_bitmaps+0xbd/0x320 [ 270.677777][ T9142] snapshot_open+0x235/0x2b0 [ 270.677789][ T9142] ? __pfx_snapshot_open+0x10/0x10 [ 270.677802][ T9142] misc_open+0x26d/0x450 [ 270.677824][ T9142] ? __pfx_misc_open+0x10/0x10 [ 270.677844][ T9142] chrdev_open+0x234/0x6a0 [ 270.677864][ T9142] ? __pfx_apparmor_file_open+0x10/0x10 [ 270.677879][ T9142] ? __pfx_chrdev_open+0x10/0x10 [ 270.677901][ T9142] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 270.677924][ T9142] do_dentry_open+0x982/0x1530 [ 270.677945][ T9142] ? __pfx_chrdev_open+0x10/0x10 [ 270.677970][ T9142] vfs_open+0x82/0x3f0 [ 270.677988][ T9142] path_openat+0x1de4/0x2cb0 [ 270.678013][ T9142] ? __pfx_path_openat+0x10/0x10 [ 270.678033][ T9142] ? __lock_acquire+0xb8a/0x1c90 [ 270.678049][ T9142] do_filp_open+0x20b/0x470 [ 270.678068][ T9142] ? __pfx_do_filp_open+0x10/0x10 [ 270.678102][ T9142] ? alloc_fd+0x471/0x7d0 [ 270.678125][ T9142] do_sys_openat2+0x11b/0x1d0 [ 270.678140][ T9142] ? __pfx_do_sys_openat2+0x10/0x10 [ 270.678166][ T9142] __x64_sys_openat+0x174/0x210 [ 270.678181][ T9142] ? __pfx___x64_sys_openat+0x10/0x10 [ 270.678205][ T9142] do_syscall_64+0xcd/0xfa0 [ 270.678227][ T9142] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 270.678241][ T9142] RIP: 0033:0x7fa9ec58eec9 [ 270.678253][ T9142] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 270.678268][ T9142] RSP: 002b:00007fa9ed4ec038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 270.678282][ T9142] RAX: ffffffffffffffda RBX: 00007fa9ec7e5fa0 RCX: 00007fa9ec58eec9 [ 270.678291][ T9142] RDX: 0000000000180b01 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 270.678301][ T9142] RBP: 00007fa9ec611f91 R08: 0000000000000000 R09: 0000000000000000 [ 270.678309][ T9142] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 270.678318][ T9142] R13: 00007fa9ec7e6038 R14: 00007fa9ec7e5fa0 R15: 00007ffeecaefec8 [ 270.678338][ T9142] [ 272.150251][ T9171] netlink: 8 bytes leftover after parsing attributes in process `syz.3.662'. [ 272.219704][ T9171] FAULT_INJECTION: forcing a failure. [ 272.219704][ T9171] name failslab, interval 1, probability 0, space 0, times 0 [ 272.254234][ T9178] FAULT_INJECTION: forcing a failure. [ 272.254234][ T9178] name failslab, interval 1, probability 0, space 0, times 0 [ 272.297820][ T9171] CPU: 0 UID: 0 PID: 9171 Comm: syz.3.662 Not tainted syzkaller #0 PREEMPT(full) [ 272.297856][ T9171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 272.297871][ T9171] Call Trace: [ 272.297880][ T9171] [ 272.297891][ T9171] dump_stack_lvl+0x16c/0x1f0 [ 272.297934][ T9171] should_fail_ex+0x512/0x640 [ 272.297972][ T9171] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 272.298008][ T9171] should_failslab+0xc2/0x120 [ 272.298033][ T9171] kmem_cache_alloc_noprof+0x75/0x6e0 [ 272.298066][ T9171] ? __kernfs_new_node+0xd2/0x8e0 [ 272.298111][ T9171] ? __kernfs_new_node+0xd2/0x8e0 [ 272.298146][ T9171] __kernfs_new_node+0xd2/0x8e0 [ 272.298190][ T9171] ? __pfx___kernfs_new_node+0x10/0x10 [ 272.298239][ T9171] ? find_held_lock+0x2b/0x80 [ 272.298274][ T9171] ? kernfs_root+0xee/0x2a0 [ 272.298306][ T9171] kernfs_new_node+0x13c/0x1e0 [ 272.298341][ T9171] kernfs_create_link+0xcc/0x240 [ 272.298377][ T9171] sysfs_do_create_link_sd+0x90/0x140 [ 272.298419][ T9171] sysfs_create_link+0x61/0xc0 [ 272.298457][ T9171] device_add+0x591/0x1aa0 [ 272.298485][ T9171] ? __pfx_device_add+0x10/0x10 [ 272.298508][ T9171] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 272.298543][ T9171] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 272.298587][ T9171] wiphy_register+0x1eb0/0x2b20 [ 272.298613][ T9171] ? netdev_run_todo+0x864/0x1320 [ 272.298649][ T9171] ? __pfx_wiphy_register+0x10/0x10 [ 272.298696][ T9171] ieee80211_register_hw+0x253d/0x4120 [ 272.298739][ T9171] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 272.298764][ T9171] ? __pfx___debug_object_init+0x10/0x10 [ 272.298816][ T9171] ? find_held_lock+0x2b/0x80 [ 272.298852][ T9171] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 272.298888][ T9171] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 272.298922][ T9171] ? __hrtimer_setup+0x176/0x280 [ 272.298956][ T9171] mac80211_hwsim_new_radio+0x32d8/0x50b0 [ 272.299009][ T9171] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 272.299046][ T9171] hwsim_new_radio_nl+0xba2/0x1330 [ 272.299076][ T9171] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 272.299115][ T9171] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 272.299147][ T9171] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 272.299186][ T9171] genl_family_rcv_msg_doit+0x209/0x2f0 [ 272.299218][ T9171] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 272.299261][ T9171] ? bpf_lsm_capable+0x9/0x10 [ 272.299285][ T9171] ? security_capable+0x7e/0x260 [ 272.299313][ T9171] ? ns_capable+0xd7/0x110 [ 272.299351][ T9171] genl_rcv_msg+0x55c/0x800 [ 272.299383][ T9171] ? __pfx_genl_rcv_msg+0x10/0x10 [ 272.299412][ T9171] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 272.299454][ T9171] netlink_rcv_skb+0x158/0x420 [ 272.299478][ T9171] ? __pfx_genl_rcv_msg+0x10/0x10 [ 272.299508][ T9171] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 272.299557][ T9171] genl_rcv+0x28/0x40 [ 272.299580][ T9171] netlink_unicast+0x5aa/0x870 [ 272.299624][ T9171] ? __pfx_netlink_unicast+0x10/0x10 [ 272.299660][ T9171] ? netlink_autobind.isra.0+0xa8/0x370 [ 272.299711][ T9171] netlink_sendmsg+0x8c8/0xdd0 [ 272.299757][ T9171] ? __pfx_netlink_sendmsg+0x10/0x10 [ 272.299812][ T9171] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 272.299847][ T9171] ____sys_sendmsg+0xa98/0xc70 [ 272.299878][ T9171] ? copy_msghdr_from_user+0x10a/0x160 [ 272.299916][ T9171] ? __pfx_____sys_sendmsg+0x10/0x10 [ 272.299942][ T9171] ? rcu_is_watching+0x12/0xc0 [ 272.299985][ T9171] ? __lock_acquire+0xb8a/0x1c90 [ 272.300017][ T9171] ___sys_sendmsg+0x134/0x1d0 [ 272.300056][ T9171] ? __pfx____sys_sendmsg+0x10/0x10 [ 272.300090][ T9171] ? __lock_acquire+0x622/0x1c90 [ 272.300160][ T9171] __sys_sendmsg+0x16d/0x220 [ 272.300199][ T9171] ? __pfx___sys_sendmsg+0x10/0x10 [ 272.300233][ T9171] ? __pfx___schedule+0x10/0x10 [ 272.300266][ T9171] ? __x64_sys_futex+0x1e0/0x4c0 [ 272.300318][ T9171] do_syscall_64+0xcd/0xfa0 [ 272.300358][ T9171] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 272.300384][ T9171] RIP: 0033:0x7f999af8eec9 [ 272.300406][ T9171] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 272.300430][ T9171] RSP: 002b:00007f999be8b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 272.300455][ T9171] RAX: ffffffffffffffda RBX: 00007f999b1e5fa0 RCX: 00007f999af8eec9 [ 272.300473][ T9171] RDX: 0000000000018800 RSI: 0000200000001400 RDI: 0000000000000007 [ 272.300489][ T9171] RBP: 00007f999b011f91 R08: 0000000000000000 R09: 0000000000000000 [ 272.300504][ T9171] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 272.300519][ T9171] R13: 00007f999b1e6038 R14: 00007f999b1e5fa0 R15: 00007ffda5221f08 [ 272.300558][ T9171] [ 272.754036][ T9178] CPU: 1 UID: 0 PID: 9178 Comm: syz.1.663 Not tainted syzkaller #0 PREEMPT(full) [ 272.754069][ T9178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 272.754084][ T9178] Call Trace: [ 272.754093][ T9178] [ 272.754103][ T9178] dump_stack_lvl+0x16c/0x1f0 [ 272.754147][ T9178] should_fail_ex+0x512/0x640 [ 272.754185][ T9178] ? fs_reclaim_acquire+0xae/0x150 [ 272.754211][ T9178] should_failslab+0xc2/0x120 [ 272.754236][ T9178] __kmalloc_noprof+0xdd/0x880 [ 272.754267][ T9178] ? kfree+0x252/0x6d0 [ 272.754294][ T9178] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 272.754335][ T9178] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 272.754369][ T9178] tomoyo_realpath_from_path+0xc2/0x6e0 [ 272.754413][ T9178] tomoyo_check_open_permission+0x2ab/0x3c0 [ 272.754444][ T9178] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 272.754500][ T9178] ? do_raw_spin_lock+0x12c/0x2b0 [ 272.754550][ T9178] tomoyo_file_open+0x6b/0x90 [ 272.754586][ T9178] security_file_open+0x84/0x1e0 [ 272.754630][ T9178] do_dentry_open+0x596/0x1530 [ 272.754679][ T9178] vfs_open+0x82/0x3f0 [ 272.754708][ T9178] path_openat+0x1de4/0x2cb0 [ 272.754752][ T9178] ? __pfx_path_openat+0x10/0x10 [ 272.754788][ T9178] ? __lock_acquire+0xb8a/0x1c90 [ 272.754819][ T9178] do_filp_open+0x20b/0x470 [ 272.754855][ T9178] ? __pfx_do_filp_open+0x10/0x10 [ 272.754902][ T9178] ? __pfx_kfree_link+0x10/0x10 [ 272.754940][ T9178] ? alloc_fd+0x471/0x7d0 [ 272.754982][ T9178] do_sys_openat2+0x11b/0x1d0 [ 272.755010][ T9178] ? __pfx_do_sys_openat2+0x10/0x10 [ 272.755053][ T9178] __x64_sys_openat+0x174/0x210 [ 272.755079][ T9178] ? __pfx___x64_sys_openat+0x10/0x10 [ 272.755120][ T9178] do_syscall_64+0xcd/0xfa0 [ 272.755159][ T9178] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 272.755184][ T9178] RIP: 0033:0x7fd28a38eec9 [ 272.755205][ T9178] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 272.755230][ T9178] RSP: 002b:00007fd2885d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 272.755254][ T9178] RAX: ffffffffffffffda RBX: 00007fd28a5e6090 RCX: 00007fd28a38eec9 [ 272.755272][ T9178] RDX: 0000000000084040 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 272.755289][ T9178] RBP: 00007fd28a411f91 R08: 0000000000000000 R09: 0000000000000000 [ 272.755306][ T9178] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 272.755321][ T9178] R13: 00007fd28a5e6128 R14: 00007fd28a5e6090 R15: 00007ffc069f2878 [ 272.755358][ T9178] [ 272.755369][ T9178] ERROR: Out of memory at tomoyo_realpath_from_path. [ 273.315341][ T9186] FAULT_INJECTION: forcing a failure. [ 273.315341][ T9186] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 273.344528][ T9186] CPU: 1 UID: 0 PID: 9186 Comm: syz.3.665 Not tainted syzkaller #0 PREEMPT(full) [ 273.344560][ T9186] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 273.344574][ T9186] Call Trace: [ 273.344582][ T9186] [ 273.344592][ T9186] dump_stack_lvl+0x16c/0x1f0 [ 273.344631][ T9186] should_fail_ex+0x512/0x640 [ 273.344670][ T9186] _copy_to_user+0x32/0xd0 [ 273.344696][ T9186] simple_read_from_buffer+0xcb/0x170 [ 273.344729][ T9186] proc_fail_nth_read+0x197/0x240 [ 273.344763][ T9186] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 273.344798][ T9186] ? rw_verify_area+0xcf/0x6c0 [ 273.344827][ T9186] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 273.344859][ T9186] vfs_read+0x1e4/0xcf0 [ 273.344897][ T9186] ? __pfx_vfs_read+0x10/0x10 [ 273.344929][ T9186] ? do_sys_openat2+0x157/0x1d0 [ 273.344954][ T9186] ? __pfx_do_sys_openat2+0x10/0x10 [ 273.344979][ T9186] ? __pfx_do_sys_openat2+0x10/0x10 [ 273.345021][ T9186] ksys_read+0x12a/0x250 [ 273.345052][ T9186] ? __pfx_ksys_read+0x10/0x10 [ 273.345093][ T9186] do_syscall_64+0xcd/0xfa0 [ 273.345129][ T9186] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 273.345153][ T9186] RIP: 0033:0x7f999af8d8dc [ 273.345172][ T9186] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 273.345194][ T9186] RSP: 002b:00007f999be8b030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 273.345218][ T9186] RAX: ffffffffffffffda RBX: 00007f999b1e5fa0 RCX: 00007f999af8d8dc [ 273.345235][ T9186] RDX: 000000000000000f RSI: 00007f999be8b0a0 RDI: 0000000000000005 [ 273.345250][ T9186] RBP: 00007f999be8b090 R08: 0000000000000000 R09: 0000000000000000 [ 273.345265][ T9186] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 273.345279][ T9186] R13: 00007f999b1e6038 R14: 00007f999b1e5fa0 R15: 00007ffda5221f08 [ 273.345314][ T9186] [ 276.054275][ T9241] netlink: 8 bytes leftover after parsing attributes in process `syz.0.675'. [ 276.279608][ T9241] FAULT_INJECTION: forcing a failure. [ 276.279608][ T9241] name failslab, interval 1, probability 0, space 0, times 0 [ 276.349939][ T9241] CPU: 0 UID: 0 PID: 9241 Comm: syz.0.675 Not tainted syzkaller #0 PREEMPT(full) [ 276.349961][ T9241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 276.349974][ T9241] Call Trace: [ 276.349983][ T9241] [ 276.349993][ T9241] dump_stack_lvl+0x16c/0x1f0 [ 276.350037][ T9241] should_fail_ex+0x512/0x640 [ 276.350067][ T9241] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 276.350089][ T9241] should_failslab+0xc2/0x120 [ 276.350104][ T9241] kmem_cache_alloc_noprof+0x75/0x6e0 [ 276.350121][ T9241] ? __asan_memcpy+0x3c/0x60 [ 276.350139][ T9241] ? __kernfs_new_node+0xd2/0x8e0 [ 276.350165][ T9241] ? __kernfs_new_node+0xd2/0x8e0 [ 276.350184][ T9241] __kernfs_new_node+0xd2/0x8e0 [ 276.350208][ T9241] ? __pfx___kernfs_new_node+0x10/0x10 [ 276.350235][ T9241] ? find_held_lock+0x2b/0x80 [ 276.350256][ T9241] ? kernfs_root+0xee/0x2a0 [ 276.350273][ T9241] kernfs_new_node+0x13c/0x1e0 [ 276.350291][ T9241] kernfs_create_link+0xcc/0x240 [ 276.350311][ T9241] sysfs_do_create_link_sd+0x90/0x140 [ 276.350334][ T9241] sysfs_create_link+0x61/0xc0 [ 276.350355][ T9241] device_add+0x62c/0x1aa0 [ 276.350371][ T9241] ? __pfx_device_add+0x10/0x10 [ 276.350382][ T9241] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 276.350403][ T9241] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 276.350428][ T9241] wiphy_register+0x1eb0/0x2b20 [ 276.350443][ T9241] ? netdev_run_todo+0x864/0x1320 [ 276.350462][ T9241] ? __pfx_wiphy_register+0x10/0x10 [ 276.350494][ T9241] ieee80211_register_hw+0x253d/0x4120 [ 276.350518][ T9241] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 276.350532][ T9241] ? __pfx___debug_object_init+0x10/0x10 [ 276.350555][ T9241] ? find_held_lock+0x2b/0x80 [ 276.350574][ T9241] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 276.350592][ T9241] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 276.350611][ T9241] ? __hrtimer_setup+0x176/0x280 [ 276.350629][ T9241] mac80211_hwsim_new_radio+0x32d8/0x50b0 [ 276.350657][ T9241] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 276.350678][ T9241] hwsim_new_radio_nl+0xba2/0x1330 [ 276.350696][ T9241] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 276.350717][ T9241] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 276.350734][ T9241] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 276.350754][ T9241] genl_family_rcv_msg_doit+0x209/0x2f0 [ 276.350771][ T9241] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 276.350793][ T9241] ? bpf_lsm_capable+0x9/0x10 [ 276.350806][ T9241] ? security_capable+0x7e/0x260 [ 276.350821][ T9241] ? ns_capable+0xd7/0x110 [ 276.350841][ T9241] genl_rcv_msg+0x55c/0x800 [ 276.350859][ T9241] ? __pfx_genl_rcv_msg+0x10/0x10 [ 276.350874][ T9241] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 276.350896][ T9241] netlink_rcv_skb+0x158/0x420 [ 276.350909][ T9241] ? __pfx_genl_rcv_msg+0x10/0x10 [ 276.350925][ T9241] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 276.350946][ T9241] ? netlink_deliver_tap+0x1ae/0xd30 [ 276.350970][ T9241] genl_rcv+0x28/0x40 [ 276.350983][ T9241] netlink_unicast+0x5aa/0x870 [ 276.351007][ T9241] ? __pfx_netlink_unicast+0x10/0x10 [ 276.351036][ T9241] netlink_sendmsg+0x8c8/0xdd0 [ 276.351060][ T9241] ? __pfx_netlink_sendmsg+0x10/0x10 [ 276.351094][ T9241] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 276.351125][ T9241] ____sys_sendmsg+0xa98/0xc70 [ 276.351154][ T9241] ? copy_msghdr_from_user+0x10a/0x160 [ 276.351189][ T9241] ? __pfx_____sys_sendmsg+0x10/0x10 [ 276.351228][ T9241] ? __pfx_futex_wake_mark+0x10/0x10 [ 276.351263][ T9241] ___sys_sendmsg+0x134/0x1d0 [ 276.351297][ T9241] ? futex_private_hash_put+0x176/0x300 [ 276.351338][ T9241] ? __pfx____sys_sendmsg+0x10/0x10 [ 276.351371][ T9241] ? __lock_acquire+0x622/0x1c90 [ 276.351444][ T9241] __sys_sendmsg+0x16d/0x220 [ 276.351491][ T9241] ? __pfx___sys_sendmsg+0x10/0x10 [ 276.351530][ T9241] ? __x64_sys_futex+0x1e0/0x4c0 [ 276.351581][ T9241] do_syscall_64+0xcd/0xfa0 [ 276.351623][ T9241] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 276.351648][ T9241] RIP: 0033:0x7fa9ec58eec9 [ 276.351664][ T9241] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 276.351678][ T9241] RSP: 002b:00007fa9ed4ec038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 276.351692][ T9241] RAX: ffffffffffffffda RBX: 00007fa9ec7e5fa0 RCX: 00007fa9ec58eec9 [ 276.351701][ T9241] RDX: 0000000000018800 RSI: 0000200000001400 RDI: 0000000000000007 [ 276.351710][ T9241] RBP: 00007fa9ec611f91 R08: 0000000000000000 R09: 0000000000000000 [ 276.351719][ T9241] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 276.351728][ T9241] R13: 00007fa9ec7e6038 R14: 00007fa9ec7e5fa0 R15: 00007ffeecaefec8 [ 276.351748][ T9241] [ 277.484087][ T9257] netlink: 8 bytes leftover after parsing attributes in process `syz.2.680'. [ 277.531422][ T9259] binder: 9252:9259 ioctl c018620c 0 returned -1 [ 277.577468][ T9257] FAULT_INJECTION: forcing a failure. [ 277.577468][ T9257] name failslab, interval 1, probability 0, space 0, times 0 [ 277.611378][ T9257] CPU: 1 UID: 0 PID: 9257 Comm: syz.2.680 Not tainted syzkaller #0 PREEMPT(full) [ 277.611414][ T9257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 277.611429][ T9257] Call Trace: [ 277.611438][ T9257] [ 277.611448][ T9257] dump_stack_lvl+0x16c/0x1f0 [ 277.611491][ T9257] should_fail_ex+0x512/0x640 [ 277.611528][ T9257] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 277.611567][ T9257] should_failslab+0xc2/0x120 [ 277.611593][ T9257] kmem_cache_alloc_noprof+0x75/0x6e0 [ 277.611627][ T9257] ? __kernfs_new_node+0xd2/0x8e0 [ 277.611672][ T9257] ? __kernfs_new_node+0xd2/0x8e0 [ 277.611708][ T9257] __kernfs_new_node+0xd2/0x8e0 [ 277.611751][ T9257] ? __pfx___kernfs_new_node+0x10/0x10 [ 277.611807][ T9257] ? find_held_lock+0x2b/0x80 [ 277.611844][ T9257] ? kernfs_root+0xee/0x2a0 [ 277.611877][ T9257] kernfs_new_node+0x13c/0x1e0 [ 277.611908][ T9257] __kernfs_create_file+0x53/0x350 [ 277.611943][ T9257] sysfs_add_file_mode_ns+0x207/0x3c0 [ 277.611985][ T9257] internal_create_group+0x578/0xf30 [ 277.612016][ T9257] ? __pfx_internal_create_group+0x10/0x10 [ 277.612043][ T9257] ? kernfs_create_link+0x1bd/0x240 [ 277.612077][ T9257] internal_create_groups+0x9d/0x150 [ 277.612104][ T9257] device_add+0x6d1/0x1aa0 [ 277.612133][ T9257] ? __pfx_device_add+0x10/0x10 [ 277.612155][ T9257] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 277.612193][ T9257] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 277.612238][ T9257] wiphy_register+0x1eb0/0x2b20 [ 277.612265][ T9257] ? netdev_run_todo+0x864/0x1320 [ 277.612311][ T9257] ? __pfx_wiphy_register+0x10/0x10 [ 277.612357][ T9257] ieee80211_register_hw+0x253d/0x4120 [ 277.612399][ T9257] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 277.612425][ T9257] ? __pfx___debug_object_init+0x10/0x10 [ 277.612465][ T9257] ? find_held_lock+0x2b/0x80 [ 277.612505][ T9257] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 277.612539][ T9257] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 277.612573][ T9257] ? __hrtimer_setup+0x176/0x280 [ 277.612608][ T9257] mac80211_hwsim_new_radio+0x32d8/0x50b0 [ 277.612659][ T9257] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 277.612699][ T9257] hwsim_new_radio_nl+0xba2/0x1330 [ 277.612731][ T9257] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 277.612771][ T9257] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 277.612801][ T9257] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 277.612840][ T9257] genl_family_rcv_msg_doit+0x209/0x2f0 [ 277.612872][ T9257] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 277.612913][ T9257] ? bpf_lsm_capable+0x9/0x10 [ 277.612938][ T9257] ? security_capable+0x7e/0x260 [ 277.612963][ T9257] ? ns_capable+0xd7/0x110 [ 277.613001][ T9257] genl_rcv_msg+0x55c/0x800 [ 277.613034][ T9257] ? __pfx_genl_rcv_msg+0x10/0x10 [ 277.613061][ T9257] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 277.613098][ T9257] netlink_rcv_skb+0x158/0x420 [ 277.613118][ T9257] ? __pfx_genl_rcv_msg+0x10/0x10 [ 277.613146][ T9257] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 277.613186][ T9257] ? netlink_deliver_tap+0x1ae/0xd30 [ 277.613229][ T9257] genl_rcv+0x28/0x40 [ 277.613252][ T9257] netlink_unicast+0x5aa/0x870 [ 277.613306][ T9257] ? __pfx_netlink_unicast+0x10/0x10 [ 277.613366][ T9257] netlink_sendmsg+0x8c8/0xdd0 [ 277.613413][ T9257] ? __pfx_netlink_sendmsg+0x10/0x10 [ 277.613459][ T9257] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 277.613493][ T9257] ____sys_sendmsg+0xa98/0xc70 [ 277.613523][ T9257] ? copy_msghdr_from_user+0x10a/0x160 [ 277.613560][ T9257] ? __pfx_____sys_sendmsg+0x10/0x10 [ 277.613607][ T9257] ___sys_sendmsg+0x134/0x1d0 [ 277.613641][ T9257] ? futex_private_hash_put+0x176/0x300 [ 277.613683][ T9257] ? __pfx____sys_sendmsg+0x10/0x10 [ 277.613716][ T9257] ? __lock_acquire+0x622/0x1c90 [ 277.613793][ T9257] __sys_sendmsg+0x16d/0x220 [ 277.613831][ T9257] ? __pfx___sys_sendmsg+0x10/0x10 [ 277.613868][ T9257] ? __x64_sys_futex+0x1e0/0x4c0 [ 277.613917][ T9257] do_syscall_64+0xcd/0xfa0 [ 277.613958][ T9257] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 277.613986][ T9257] RIP: 0033:0x7f4de798eec9 [ 277.614007][ T9257] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 277.614031][ T9257] RSP: 002b:00007f4de8768038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 277.614057][ T9257] RAX: ffffffffffffffda RBX: 00007f4de7be5fa0 RCX: 00007f4de798eec9 [ 277.614074][ T9257] RDX: 0000000000018800 RSI: 0000200000001400 RDI: 0000000000000007 [ 277.614091][ T9257] RBP: 00007f4de7a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 277.614106][ T9257] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 277.614122][ T9257] R13: 00007f4de7be6038 R14: 00007f4de7be5fa0 R15: 00007ffe561e7438 [ 277.614159][ T9257] [ 278.587635][ T9269] block nbd0: Unsupported socket: should be TCP or UNIX. [ 278.767074][ T9273] netlink: 8 bytes leftover after parsing attributes in process `syz.2.687'. [ 278.824121][ T9273] FAULT_INJECTION: forcing a failure. [ 278.824121][ T9273] name failslab, interval 1, probability 0, space 0, times 0 [ 278.969846][ T9273] CPU: 1 UID: 0 PID: 9273 Comm: syz.2.687 Not tainted syzkaller #0 PREEMPT(full) [ 278.969883][ T9273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 278.969898][ T9273] Call Trace: [ 278.969907][ T9273] [ 278.969917][ T9273] dump_stack_lvl+0x16c/0x1f0 [ 278.969959][ T9273] should_fail_ex+0x512/0x640 [ 278.969996][ T9273] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 278.970033][ T9273] should_failslab+0xc2/0x120 [ 278.970056][ T9273] kmem_cache_alloc_noprof+0x75/0x6e0 [ 278.970088][ T9273] ? __kernfs_new_node+0xd2/0x8e0 [ 278.970134][ T9273] ? __kernfs_new_node+0xd2/0x8e0 [ 278.970167][ T9273] __kernfs_new_node+0xd2/0x8e0 [ 278.970221][ T9273] ? __pfx___kernfs_new_node+0x10/0x10 [ 278.970267][ T9273] ? find_held_lock+0x2b/0x80 [ 278.970296][ T9273] ? kernfs_root+0xee/0x2a0 [ 278.970326][ T9273] kernfs_new_node+0x13c/0x1e0 [ 278.970357][ T9273] __kernfs_create_file+0x53/0x350 [ 278.970392][ T9273] sysfs_add_file_mode_ns+0x207/0x3c0 [ 278.970436][ T9273] sysfs_merge_group+0x1aa/0x340 [ 278.970461][ T9273] ? __pfx_sysfs_merge_group+0x10/0x10 [ 278.970491][ T9273] ? __pfx_dev_add_physical_location+0x10/0x10 [ 278.970536][ T9273] ? bus_to_subsys+0x131/0x160 [ 278.970569][ T9273] dpm_sysfs_add+0x237/0x280 [ 278.970611][ T9273] device_add+0x9a6/0x1aa0 [ 278.970639][ T9273] ? __pfx_device_add+0x10/0x10 [ 278.970661][ T9273] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 278.970697][ T9273] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 278.970760][ T9273] wiphy_register+0x1eb0/0x2b20 [ 278.970788][ T9273] ? netdev_run_todo+0x864/0x1320 [ 278.970827][ T9273] ? __pfx_wiphy_register+0x10/0x10 [ 278.970872][ T9273] ieee80211_register_hw+0x253d/0x4120 [ 278.970910][ T9273] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 278.970937][ T9273] ? __pfx___debug_object_init+0x10/0x10 [ 278.970976][ T9273] ? find_held_lock+0x2b/0x80 [ 278.971012][ T9273] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 278.971042][ T9273] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 278.971075][ T9273] ? __hrtimer_setup+0x176/0x280 [ 278.971109][ T9273] mac80211_hwsim_new_radio+0x32d8/0x50b0 [ 278.971156][ T9273] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 278.971192][ T9273] hwsim_new_radio_nl+0xba2/0x1330 [ 278.971233][ T9273] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 278.971270][ T9273] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 278.971301][ T9273] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 278.971339][ T9273] genl_family_rcv_msg_doit+0x209/0x2f0 [ 278.971384][ T9273] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 278.971423][ T9273] ? bpf_lsm_capable+0x9/0x10 [ 278.971447][ T9273] ? security_capable+0x7e/0x260 [ 278.971474][ T9273] ? ns_capable+0xd7/0x110 [ 278.971511][ T9273] genl_rcv_msg+0x55c/0x800 [ 278.971544][ T9273] ? __pfx_genl_rcv_msg+0x10/0x10 [ 278.971573][ T9273] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 278.971615][ T9273] netlink_rcv_skb+0x158/0x420 [ 278.971639][ T9273] ? __pfx_genl_rcv_msg+0x10/0x10 [ 278.971668][ T9273] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 278.971706][ T9273] ? netlink_deliver_tap+0x1ae/0xd30 [ 278.971748][ T9273] genl_rcv+0x28/0x40 [ 278.971770][ T9273] netlink_unicast+0x5aa/0x870 [ 278.971813][ T9273] ? __pfx_netlink_unicast+0x10/0x10 [ 278.971867][ T9273] netlink_sendmsg+0x8c8/0xdd0 [ 278.971909][ T9273] ? __pfx_netlink_sendmsg+0x10/0x10 [ 278.971951][ T9273] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 278.971984][ T9273] ____sys_sendmsg+0xa98/0xc70 [ 278.972013][ T9273] ? copy_msghdr_from_user+0x10a/0x160 [ 278.972050][ T9273] ? __pfx_____sys_sendmsg+0x10/0x10 [ 278.972086][ T9273] ? __pfx_futex_wake_mark+0x10/0x10 [ 278.972122][ T9273] ___sys_sendmsg+0x134/0x1d0 [ 278.972157][ T9273] ? futex_private_hash_put+0x176/0x300 [ 278.972208][ T9273] ? __pfx____sys_sendmsg+0x10/0x10 [ 278.972243][ T9273] ? __lock_acquire+0x622/0x1c90 [ 278.972320][ T9273] __sys_sendmsg+0x16d/0x220 [ 278.972358][ T9273] ? __pfx___sys_sendmsg+0x10/0x10 [ 278.972393][ T9273] ? __x64_sys_futex+0x1e0/0x4c0 [ 278.972444][ T9273] do_syscall_64+0xcd/0xfa0 [ 278.972484][ T9273] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 278.972509][ T9273] RIP: 0033:0x7f4de798eec9 [ 278.972530][ T9273] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 278.972554][ T9273] RSP: 002b:00007f4de8768038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 278.972579][ T9273] RAX: ffffffffffffffda RBX: 00007f4de7be5fa0 RCX: 00007f4de798eec9 [ 278.972599][ T9273] RDX: 0000000000018800 RSI: 0000200000001400 RDI: 0000000000000006 [ 278.972615][ T9273] RBP: 00007f4de7a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 278.972630][ T9273] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 278.972645][ T9273] R13: 00007f4de7be6038 R14: 00007f4de7be5fa0 R15: 00007ffe561e7438 [ 278.972681][ T9273] [ 280.857133][ T9302] netlink: 8 bytes leftover after parsing attributes in process `syz.3.691'. [ 280.939851][ T9302] FAULT_INJECTION: forcing a failure. [ 280.939851][ T9302] name failslab, interval 1, probability 0, space 0, times 0 [ 280.994711][ T9302] CPU: 0 UID: 0 PID: 9302 Comm: syz.3.691 Not tainted syzkaller #0 PREEMPT(full) [ 280.994757][ T9302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 280.994773][ T9302] Call Trace: [ 280.994782][ T9302] [ 280.994792][ T9302] dump_stack_lvl+0x16c/0x1f0 [ 280.994836][ T9302] should_fail_ex+0x512/0x640 [ 280.994875][ T9302] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 280.994913][ T9302] should_failslab+0xc2/0x120 [ 280.994938][ T9302] kmem_cache_alloc_noprof+0x75/0x6e0 [ 280.994971][ T9302] ? __kernfs_new_node+0xd2/0x8e0 [ 280.995015][ T9302] ? __kernfs_new_node+0xd2/0x8e0 [ 280.995050][ T9302] __kernfs_new_node+0xd2/0x8e0 [ 280.995093][ T9302] ? __pfx___kernfs_new_node+0x10/0x10 [ 280.995140][ T9302] ? find_held_lock+0x2b/0x80 [ 280.995174][ T9302] ? kernfs_root+0xee/0x2a0 [ 280.995205][ T9302] kernfs_new_node+0x13c/0x1e0 [ 280.995239][ T9302] __kernfs_create_file+0x53/0x350 [ 280.995275][ T9302] sysfs_add_file_mode_ns+0x207/0x3c0 [ 280.995322][ T9302] internal_create_group+0x578/0xf30 [ 280.995356][ T9302] ? __pfx_internal_create_group+0x10/0x10 [ 280.995387][ T9302] ? kernfs_create_link+0x1bd/0x240 [ 280.995426][ T9302] internal_create_groups+0x9d/0x150 [ 280.995454][ T9302] device_add+0x6d1/0x1aa0 [ 280.995483][ T9302] ? __pfx_device_add+0x10/0x10 [ 280.995504][ T9302] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 280.995539][ T9302] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 280.995585][ T9302] wiphy_register+0x1eb0/0x2b20 [ 280.995611][ T9302] ? netdev_run_todo+0x864/0x1320 [ 280.995647][ T9302] ? __pfx_wiphy_register+0x10/0x10 [ 280.995693][ T9302] ieee80211_register_hw+0x253d/0x4120 [ 280.995737][ T9302] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 280.995771][ T9302] ? __pfx___debug_object_init+0x10/0x10 [ 280.995807][ T9302] ? find_held_lock+0x2b/0x80 [ 280.995838][ T9302] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 280.995868][ T9302] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 280.995898][ T9302] ? __hrtimer_setup+0x176/0x280 [ 280.995930][ T9302] mac80211_hwsim_new_radio+0x32d8/0x50b0 [ 280.995986][ T9302] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 280.996028][ T9302] hwsim_new_radio_nl+0xba2/0x1330 [ 280.996062][ T9302] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 280.996102][ T9302] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 280.996133][ T9302] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 280.996170][ T9302] genl_family_rcv_msg_doit+0x209/0x2f0 [ 280.996202][ T9302] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 280.996242][ T9302] ? bpf_lsm_capable+0x9/0x10 [ 280.996266][ T9302] ? security_capable+0x7e/0x260 [ 280.996292][ T9302] ? ns_capable+0xd7/0x110 [ 280.996329][ T9302] genl_rcv_msg+0x55c/0x800 [ 280.996361][ T9302] ? __pfx_genl_rcv_msg+0x10/0x10 [ 280.996389][ T9302] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 280.996430][ T9302] netlink_rcv_skb+0x158/0x420 [ 280.996454][ T9302] ? __pfx_genl_rcv_msg+0x10/0x10 [ 280.996483][ T9302] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 280.996522][ T9302] ? netlink_deliver_tap+0x1ae/0xd30 [ 280.996564][ T9302] genl_rcv+0x28/0x40 [ 280.996587][ T9302] netlink_unicast+0x5aa/0x870 [ 280.996630][ T9302] ? __pfx_netlink_unicast+0x10/0x10 [ 280.996683][ T9302] netlink_sendmsg+0x8c8/0xdd0 [ 280.996728][ T9302] ? __pfx_netlink_sendmsg+0x10/0x10 [ 280.996780][ T9302] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 280.996813][ T9302] ____sys_sendmsg+0xa98/0xc70 [ 280.996845][ T9302] ? copy_msghdr_from_user+0x10a/0x160 [ 280.996881][ T9302] ? __pfx_____sys_sendmsg+0x10/0x10 [ 280.996929][ T9302] ___sys_sendmsg+0x134/0x1d0 [ 280.996963][ T9302] ? futex_private_hash_put+0x176/0x300 [ 280.997003][ T9302] ? __pfx____sys_sendmsg+0x10/0x10 [ 280.997037][ T9302] ? __lock_acquire+0x622/0x1c90 [ 280.997109][ T9302] __sys_sendmsg+0x16d/0x220 [ 280.997145][ T9302] ? __pfx___sys_sendmsg+0x10/0x10 [ 280.997180][ T9302] ? __x64_sys_futex+0x1e0/0x4c0 [ 280.997229][ T9302] do_syscall_64+0xcd/0xfa0 [ 280.997269][ T9302] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 280.997295][ T9302] RIP: 0033:0x7f999af8eec9 [ 280.997317][ T9302] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 280.997343][ T9302] RSP: 002b:00007f999be8b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 280.997368][ T9302] RAX: ffffffffffffffda RBX: 00007f999b1e5fa0 RCX: 00007f999af8eec9 [ 280.997386][ T9302] RDX: 0000000000018800 RSI: 0000200000001400 RDI: 0000000000000007 [ 280.997403][ T9302] RBP: 00007f999b011f91 R08: 0000000000000000 R09: 0000000000000000 [ 280.997419][ T9302] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 280.997434][ T9302] R13: 00007f999b1e6038 R14: 00007f999b1e5fa0 R15: 00007ffda5221f08 [ 280.997473][ T9302] [ 281.891757][ T9314] netlink: 268 bytes leftover after parsing attributes in process `syz.2.695'. [ 281.960579][ T9314] vhci_hcd: invalid port number 16 [ 281.967535][ T9307] binder: 9306:9307 ioctl c018620c 0 returned -1 [ 281.973150][ T9314] vhci_hcd: invalid port number 16 [ 281.987287][ T9314] random: crng reseeded on system resumption [ 282.007155][ T9314] FAULT_INJECTION: forcing a failure. [ 282.007155][ T9314] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 282.027035][ T9314] CPU: 0 UID: 0 PID: 9314 Comm: syz.2.695 Not tainted syzkaller #0 PREEMPT(full) [ 282.027070][ T9314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 282.027086][ T9314] Call Trace: [ 282.027095][ T9314] [ 282.027105][ T9314] dump_stack_lvl+0x16c/0x1f0 [ 282.027147][ T9314] should_fail_ex+0x512/0x640 [ 282.027191][ T9314] should_fail_alloc_page+0xe7/0x130 [ 282.027215][ T9314] prepare_alloc_pages+0x3c2/0x610 [ 282.027229][ T9314] ? rcu_is_watching+0x12/0xc0 [ 282.027255][ T9314] __alloc_frozen_pages_noprof+0x18b/0x2470 [ 282.027283][ T9314] ? stack_trace_save+0x8e/0xc0 [ 282.027304][ T9314] ? __pfx_stack_trace_save+0x10/0x10 [ 282.027325][ T9314] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 282.027346][ T9314] ? kasan_save_stack+0x42/0x60 [ 282.027365][ T9314] ? kasan_save_stack+0x33/0x60 [ 282.027387][ T9314] ? do_dentry_open+0x982/0x1530 [ 282.027406][ T9314] ? vfs_open+0x82/0x3f0 [ 282.027418][ T9314] ? path_openat+0x1de4/0x2cb0 [ 282.027435][ T9314] ? do_filp_open+0x20b/0x470 [ 282.027452][ T9314] ? do_sys_openat2+0x11b/0x1d0 [ 282.027466][ T9314] ? __x64_sys_openat+0x174/0x210 [ 282.027479][ T9314] ? do_syscall_64+0xcd/0xfa0 [ 282.027498][ T9314] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 282.027513][ T9314] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 282.027531][ T9314] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 282.027549][ T9314] ? policy_nodemask+0xea/0x4e0 [ 282.027565][ T9314] alloc_pages_mpol+0x1fb/0x550 [ 282.027579][ T9314] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 282.027598][ T9314] alloc_pages_noprof+0x131/0x390 [ 282.027613][ T9314] get_zeroed_page_noprof+0x18/0xb0 [ 282.027634][ T9314] get_image_page+0x18/0x190 [ 282.027653][ T9314] alloc_rtree_node+0x3c/0xb0 [ 282.027672][ T9314] memory_bm_create+0x519/0x810 [ 282.027706][ T9314] create_basic_memory_bitmaps+0xbd/0x320 [ 282.027730][ T9314] snapshot_open+0x235/0x2b0 [ 282.027743][ T9314] ? __pfx_snapshot_open+0x10/0x10 [ 282.027757][ T9314] misc_open+0x26d/0x450 [ 282.027779][ T9314] ? __pfx_misc_open+0x10/0x10 [ 282.027799][ T9314] chrdev_open+0x234/0x6a0 [ 282.027819][ T9314] ? __pfx_apparmor_file_open+0x10/0x10 [ 282.027834][ T9314] ? __pfx_chrdev_open+0x10/0x10 [ 282.027856][ T9314] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 282.027879][ T9314] do_dentry_open+0x982/0x1530 [ 282.027899][ T9314] ? __pfx_chrdev_open+0x10/0x10 [ 282.027924][ T9314] vfs_open+0x82/0x3f0 [ 282.027941][ T9314] path_openat+0x1de4/0x2cb0 [ 282.027966][ T9314] ? __pfx_path_openat+0x10/0x10 [ 282.027987][ T9314] ? __lock_acquire+0xb8a/0x1c90 [ 282.028003][ T9314] do_filp_open+0x20b/0x470 [ 282.028023][ T9314] ? __pfx_do_filp_open+0x10/0x10 [ 282.028056][ T9314] ? alloc_fd+0x471/0x7d0 [ 282.028080][ T9314] do_sys_openat2+0x11b/0x1d0 [ 282.028095][ T9314] ? __pfx_do_sys_openat2+0x10/0x10 [ 282.028117][ T9314] __x64_sys_openat+0x174/0x210 [ 282.028133][ T9314] ? __pfx___x64_sys_openat+0x10/0x10 [ 282.028157][ T9314] do_syscall_64+0xcd/0xfa0 [ 282.028178][ T9314] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 282.028192][ T9314] RIP: 0033:0x7f4de798eec9 [ 282.028204][ T9314] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 282.028218][ T9314] RSP: 002b:00007f4de8768038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 282.028233][ T9314] RAX: ffffffffffffffda RBX: 00007f4de7be5fa0 RCX: 00007f4de798eec9 [ 282.028242][ T9314] RDX: 0000000000180b01 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 282.028251][ T9314] RBP: 00007f4de7a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 282.028260][ T9314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 282.028269][ T9314] R13: 00007f4de7be6038 R14: 00007f4de7be5fa0 R15: 00007ffe561e7438 [ 282.028289][ T9314] [ 282.787621][ T9330] FAULT_INJECTION: forcing a failure. [ 282.787621][ T9330] name failslab, interval 1, probability 0, space 0, times 0 [ 282.849943][ T9330] CPU: 0 UID: 0 PID: 9330 Comm: syz.3.698 Not tainted syzkaller #0 PREEMPT(full) [ 282.849979][ T9330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 282.849995][ T9330] Call Trace: [ 282.850003][ T9330] [ 282.850014][ T9330] dump_stack_lvl+0x16c/0x1f0 [ 282.850055][ T9330] should_fail_ex+0x512/0x640 [ 282.850093][ T9330] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 282.850133][ T9330] should_failslab+0xc2/0x120 [ 282.850158][ T9330] kmem_cache_alloc_noprof+0x75/0x6e0 [ 282.850192][ T9330] ? security_file_alloc+0x34/0x2b0 [ 282.850232][ T9330] ? security_file_alloc+0x34/0x2b0 [ 282.850263][ T9330] security_file_alloc+0x34/0x2b0 [ 282.850295][ T9330] init_file+0x93/0x4c0 [ 282.850322][ T9330] alloc_empty_file+0x73/0x1e0 [ 282.850350][ T9330] alloc_file_pseudo+0x13a/0x230 [ 282.850380][ T9330] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 282.850419][ T9330] __shmem_file_setup+0x1a3/0x330 [ 282.850454][ T9330] shmem_zero_setup+0x93/0x1a0 [ 282.850492][ T9330] __mmap_region+0x2076/0x27a0 [ 282.850530][ T9330] ? __pfx___mmap_region+0x10/0x10 [ 282.850561][ T9330] ? lock_acquire+0x179/0x350 [ 282.850586][ T9330] ? find_held_lock+0x2b/0x80 [ 282.850620][ T9330] ? finish_task_switch.isra.0+0x21c/0xc10 [ 282.850657][ T9330] ? rcu_is_watching+0x12/0xc0 [ 282.850689][ T9330] ? finish_task_switch.isra.0+0x221/0xc10 [ 282.850732][ T9330] ? trace_sched_exit_tp+0xd1/0x120 [ 282.850763][ T9330] ? __schedule+0x11a3/0x5de0 [ 282.850858][ T9330] ? trace_cap_capable+0x18d/0x200 [ 282.850903][ T9330] mmap_region+0x1ab/0x3f0 [ 282.850933][ T9330] ? __get_unmapped_area+0x267/0x440 [ 282.850957][ T9330] do_mmap+0xa3e/0x1210 [ 282.850985][ T9330] ? __pfx_do_mmap+0x10/0x10 [ 282.851007][ T9330] ? __pfx_down_write_killable+0x10/0x10 [ 282.851031][ T9330] ? kmem_cache_free+0x2d4/0x6c0 [ 282.851072][ T9330] vm_mmap_pgoff+0x29e/0x470 [ 282.851116][ T9330] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 282.851163][ T9330] ? __x64_sys_futex+0x1e0/0x4c0 [ 282.851185][ T9330] ? __x64_sys_futex+0x1e9/0x4c0 [ 282.851212][ T9330] ksys_mmap_pgoff+0x7d/0x5c0 [ 282.851247][ T9330] ? xfd_validate_state+0x61/0x180 [ 282.851280][ T9330] __x64_sys_mmap+0x125/0x190 [ 282.851313][ T9330] do_syscall_64+0xcd/0xfa0 [ 282.851351][ T9330] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 282.851377][ T9330] RIP: 0033:0x7f999af8eec9 [ 282.851398][ T9330] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 282.851422][ T9330] RSP: 002b:00007f999be8b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 282.851448][ T9330] RAX: ffffffffffffffda RBX: 00007f999b1e5fa0 RCX: 00007f999af8eec9 [ 282.851466][ T9330] RDX: 00004000000000df RSI: 0000000000020009 RDI: 0000000000000000 [ 282.851482][ T9330] RBP: 00007f999b011f91 R08: 0000000000000401 R09: 0000000000008000 [ 282.851498][ T9330] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 282.851512][ T9330] R13: 00007f999b1e6038 R14: 00007f999b1e5fa0 R15: 00007ffda5221f08 [ 282.851546][ T9330] [ 283.714935][ T9346] netlink: 12 bytes leftover after parsing attributes in process `syz.1.703'. [ 283.742830][ T9346] tc_dump_action: action bad kind [ 283.865137][ T9351] netlink: 8 bytes leftover after parsing attributes in process `syz.0.704'. [ 285.852920][ T9404] netlink: 8 bytes leftover after parsing attributes in process `syz.2.716'. [ 286.492256][ T9399] FAULT_INJECTION: forcing a failure. [ 286.492256][ T9399] name failslab, interval 1, probability 0, space 0, times 0 [ 286.524854][ T9399] CPU: 1 UID: 0 PID: 9399 Comm: syz.1.715 Not tainted syzkaller #0 PREEMPT(full) [ 286.524875][ T9399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 286.524883][ T9399] Call Trace: [ 286.524888][ T9399] [ 286.524894][ T9399] dump_stack_lvl+0x16c/0x1f0 [ 286.524918][ T9399] should_fail_ex+0x512/0x640 [ 286.524940][ T9399] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 286.524960][ T9399] should_failslab+0xc2/0x120 [ 286.524973][ T9399] kmem_cache_alloc_noprof+0x75/0x6e0 [ 286.524991][ T9399] ? vm_area_alloc+0x1f/0x160 [ 286.525011][ T9399] ? vm_area_alloc+0x1f/0x160 [ 286.525025][ T9399] vm_area_alloc+0x1f/0x160 [ 286.525040][ T9399] __mmap_region+0xf85/0x27a0 [ 286.525061][ T9399] ? __pfx___mmap_region+0x10/0x10 [ 286.525080][ T9399] ? lock_acquire+0x179/0x350 [ 286.525095][ T9399] ? find_held_lock+0x2b/0x80 [ 286.525113][ T9399] ? page_table_check_set+0x627/0x750 [ 286.525138][ T9399] ? __lock_acquire+0x622/0x1c90 [ 286.525182][ T9399] ? trace_cap_capable+0x18d/0x200 [ 286.525203][ T9399] mmap_region+0x1ab/0x3f0 [ 286.525220][ T9399] ? __get_unmapped_area+0x267/0x440 [ 286.525235][ T9399] do_mmap+0xa3e/0x1210 [ 286.525251][ T9399] ? __pfx_do_mmap+0x10/0x10 [ 286.525264][ T9399] ? __pfx_down_write_killable+0x10/0x10 [ 286.525282][ T9399] vm_mmap_pgoff+0x29e/0x470 [ 286.525307][ T9399] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 286.525330][ T9399] ? __fget_files+0x20e/0x3c0 [ 286.525356][ T9399] ksys_mmap_pgoff+0x7d/0x5c0 [ 286.525377][ T9399] ? __pfx_ksys_write+0x10/0x10 [ 286.525398][ T9399] __x64_sys_mmap+0x125/0x190 [ 286.525417][ T9399] do_syscall_64+0xcd/0xfa0 [ 286.525438][ T9399] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 286.525453][ T9399] RIP: 0033:0x7fd28a38eec9 [ 286.525465][ T9399] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 286.525478][ T9399] RSP: 002b:00007fd2885f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 286.525492][ T9399] RAX: ffffffffffffffda RBX: 00007fd28a5e5fa0 RCX: 00007fd28a38eec9 [ 286.525501][ T9399] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 286.525509][ T9399] RBP: 00007fd2885f6090 R08: 0000000000000002 R09: 0000000000008000 [ 286.525517][ T9399] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000001 [ 286.525525][ T9399] R13: 00007fd28a5e6038 R14: 00007fd28a5e5fa0 R15: 00007ffc069f2878 [ 286.525544][ T9399] [ 288.761761][ T9469] netlink: 8 bytes leftover after parsing attributes in process `syz.2.726'. [ 289.727119][ T9496] netlink: 12 bytes leftover after parsing attributes in process `syz.1.733'. [ 289.736144][ T9496] tc_dump_action: action bad kind [ 289.780438][ T9498] tipc: Enabling of bearer <@):^\/\> rejected, media not registered [ 290.356186][ T9513] netlink: 8 bytes leftover after parsing attributes in process `syz.3.738'. [ 292.059304][ T9545] netlink: 4 bytes leftover after parsing attributes in process `syz.3.744'. [ 292.126304][ T9545] netlink: 13 bytes leftover after parsing attributes in process `syz.3.744'. [ 292.167493][ T9545] netlink: 8 bytes leftover after parsing attributes in process `syz.3.744'. [ 293.516938][ T9568] netlink: 8 bytes leftover after parsing attributes in process `syz.1.748'. [ 295.981704][ T9621] netlink: 8 bytes leftover after parsing attributes in process `syz.2.760'. [ 296.155487][ T9625] device-mapper: ioctl: Invalid ioctl structure: name , dev b00010007 [ 296.455000][ T9628] netlink: 338 bytes leftover after parsing attributes in process `syz.2.763'. [ 296.482427][ T9626] Process accounting resumed [ 297.023842][ T9658] netlink: 268 bytes leftover after parsing attributes in process `syz.0.771'. [ 297.114033][ T9647] sp0: Synchronizing with TNC è[ 297.162447][ T9662] vhci_hcd: invalid port number 16 [ 297.165947][ T9664] netlink: 8 bytes leftover after parsing attributes in process `syz.2.772'. [ 297.188843][ T9662] vhci_hcd: invalid port number 16 [ 297.205422][ T9662] random: crng reseeded on system resumption [ 297.237259][ T9662] FAULT_INJECTION: forcing a failure. [ 297.237259][ T9662] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 297.256188][ T9662] CPU: 1 UID: 0 PID: 9662 Comm: syz.0.771 Not tainted syzkaller #0 PREEMPT(full) [ 297.256222][ T9662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 297.256239][ T9662] Call Trace: [ 297.256247][ T9662] [ 297.256258][ T9662] dump_stack_lvl+0x16c/0x1f0 [ 297.256300][ T9662] should_fail_ex+0x512/0x640 [ 297.256343][ T9662] should_fail_alloc_page+0xe7/0x130 [ 297.256372][ T9662] prepare_alloc_pages+0x3c2/0x610 [ 297.256397][ T9662] ? rcu_is_watching+0x12/0xc0 [ 297.256442][ T9662] __alloc_frozen_pages_noprof+0x18b/0x2470 [ 297.256489][ T9662] ? stack_trace_save+0x8e/0xc0 [ 297.256526][ T9662] ? __pfx_stack_trace_save+0x10/0x10 [ 297.256567][ T9662] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 297.256606][ T9662] ? kasan_save_stack+0x42/0x60 [ 297.256640][ T9662] ? kasan_save_stack+0x33/0x60 [ 297.256679][ T9662] ? do_dentry_open+0x982/0x1530 [ 297.256713][ T9662] ? vfs_open+0x82/0x3f0 [ 297.256736][ T9662] ? path_openat+0x1de4/0x2cb0 [ 297.256767][ T9662] ? do_filp_open+0x20b/0x470 [ 297.256798][ T9662] ? do_sys_openat2+0x11b/0x1d0 [ 297.256823][ T9662] ? __x64_sys_openat+0x174/0x210 [ 297.256850][ T9662] ? do_syscall_64+0xcd/0xfa0 [ 297.256883][ T9662] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 297.256912][ T9662] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 297.256949][ T9662] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 297.256984][ T9662] ? policy_nodemask+0xea/0x4e0 [ 297.257024][ T9662] alloc_pages_mpol+0x1fb/0x550 [ 297.257053][ T9662] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 297.257090][ T9662] alloc_pages_noprof+0x131/0x390 [ 297.257118][ T9662] get_zeroed_page_noprof+0x18/0xb0 [ 297.257155][ T9662] get_image_page+0x18/0x190 [ 297.257189][ T9662] alloc_rtree_node+0x3c/0xb0 [ 297.257222][ T9662] memory_bm_create+0x519/0x810 [ 297.257277][ T9662] create_basic_memory_bitmaps+0xbd/0x320 [ 297.257321][ T9662] snapshot_open+0x235/0x2b0 [ 297.257345][ T9662] ? __pfx_snapshot_open+0x10/0x10 [ 297.257370][ T9662] misc_open+0x26d/0x450 [ 297.257409][ T9662] ? __pfx_misc_open+0x10/0x10 [ 297.257452][ T9662] chrdev_open+0x234/0x6a0 [ 297.257490][ T9662] ? __pfx_apparmor_file_open+0x10/0x10 [ 297.257518][ T9662] ? __pfx_chrdev_open+0x10/0x10 [ 297.257560][ T9662] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 297.257604][ T9662] do_dentry_open+0x982/0x1530 [ 297.257641][ T9662] ? __pfx_chrdev_open+0x10/0x10 [ 297.257685][ T9662] vfs_open+0x82/0x3f0 [ 297.257716][ T9662] path_openat+0x1de4/0x2cb0 [ 297.257764][ T9662] ? __pfx_path_openat+0x10/0x10 [ 297.257800][ T9662] ? __lock_acquire+0xb8a/0x1c90 [ 297.257831][ T9662] do_filp_open+0x20b/0x470 [ 297.257867][ T9662] ? __pfx_do_filp_open+0x10/0x10 [ 297.257929][ T9662] ? alloc_fd+0x471/0x7d0 [ 297.257971][ T9662] do_sys_openat2+0x11b/0x1d0 [ 297.257999][ T9662] ? __pfx_do_sys_openat2+0x10/0x10 [ 297.258042][ T9662] __x64_sys_openat+0x174/0x210 [ 297.258070][ T9662] ? __pfx___x64_sys_openat+0x10/0x10 [ 297.258114][ T9662] do_syscall_64+0xcd/0xfa0 [ 297.258152][ T9662] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 297.258178][ T9662] RIP: 0033:0x7fa9ec58eec9 [ 297.258199][ T9662] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 297.258223][ T9662] RSP: 002b:00007fa9ed4cb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 297.258249][ T9662] RAX: ffffffffffffffda RBX: 00007fa9ec7e6090 RCX: 00007fa9ec58eec9 [ 297.258266][ T9662] RDX: 0000000000180b01 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 297.258284][ T9662] RBP: 00007fa9ec611f91 R08: 0000000000000000 R09: 0000000000000000 [ 297.258300][ T9662] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 297.258316][ T9662] R13: 00007fa9ec7e6128 R14: 00007fa9ec7e6090 R15: 00007ffeecaefec8 [ 297.258355][ T9662] [ 297.929490][ T9668] random: crng reseeded on system resumption [ 299.126338][ T9704] netlink: 8 bytes leftover after parsing attributes in process `syz.2.783'. [ 301.515057][ T9740] FAULT_INJECTION: forcing a failure. [ 301.515057][ T9740] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 301.702313][ T9740] CPU: 0 UID: 0 PID: 9740 Comm: syz.1.792 Not tainted syzkaller #0 PREEMPT(full) [ 301.702347][ T9740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 301.702361][ T9740] Call Trace: [ 301.702368][ T9740] [ 301.702378][ T9740] dump_stack_lvl+0x16c/0x1f0 [ 301.702417][ T9740] should_fail_ex+0x512/0x640 [ 301.702459][ T9740] should_fail_alloc_page+0xe7/0x130 [ 301.702485][ T9740] prepare_alloc_pages+0x3c2/0x610 [ 301.702515][ T9740] __alloc_frozen_pages_noprof+0x18b/0x2470 [ 301.702562][ T9740] ? mas_find+0x156/0x6d0 [ 301.702597][ T9740] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 301.702628][ T9740] ? validate_mm+0x403/0x560 [ 301.702661][ T9740] ? __pfx_validate_mm+0x10/0x10 [ 301.702699][ T9740] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 301.702728][ T9740] ? vma_wants_writenotify+0x10b/0x390 [ 301.702759][ T9740] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 301.702792][ T9740] ? policy_nodemask+0xea/0x4e0 [ 301.702819][ T9740] alloc_pages_mpol+0x1fb/0x550 [ 301.702844][ T9740] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 301.702879][ T9740] alloc_pages_noprof+0x131/0x390 [ 301.702904][ T9740] __pmd_alloc+0x3b/0x8b0 [ 301.702925][ T9740] ? find_held_lock+0x2b/0x80 [ 301.702960][ T9740] __handle_mm_fault+0xada/0x2aa0 [ 301.702998][ T9740] ? __pfx___handle_mm_fault+0x10/0x10 [ 301.703057][ T9740] handle_mm_fault+0x589/0xd10 [ 301.703093][ T9740] __get_user_pages+0x54e/0x3530 [ 301.703138][ T9740] ? __pfx___get_user_pages+0x10/0x10 [ 301.703173][ T9740] populate_vma_page_range+0x267/0x3f0 [ 301.703202][ T9740] ? __pfx_populate_vma_page_range+0x10/0x10 [ 301.703226][ T9740] ? __pfx_find_vma_intersection+0x10/0x10 [ 301.703265][ T9740] ? do_mmap+0x69c/0x1210 [ 301.703291][ T9740] __mm_populate+0x1d8/0x380 [ 301.703318][ T9740] ? __pfx___mm_populate+0x10/0x10 [ 301.703350][ T9740] ? up_write+0x1b2/0x520 [ 301.703381][ T9740] vm_mmap_pgoff+0x37f/0x470 [ 301.703422][ T9740] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 301.703461][ T9740] ? __fget_files+0x20e/0x3c0 [ 301.703502][ T9740] ksys_mmap_pgoff+0x7d/0x5c0 [ 301.703538][ T9740] ? __pfx_ksys_write+0x10/0x10 [ 301.703574][ T9740] __x64_sys_mmap+0x125/0x190 [ 301.703606][ T9740] do_syscall_64+0xcd/0xfa0 [ 301.703642][ T9740] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 301.703666][ T9740] RIP: 0033:0x7fd28a38eec9 [ 301.703686][ T9740] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 301.703709][ T9740] RSP: 002b:00007fd2885f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 301.703732][ T9740] RAX: ffffffffffffffda RBX: 00007fd28a5e5fa0 RCX: 00007fd28a38eec9 [ 301.703748][ T9740] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 301.703763][ T9740] RBP: 00007fd2885f6090 R08: 0000000000000002 R09: 0000000000008000 [ 301.703779][ T9740] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000001 [ 301.703793][ T9740] R13: 00007fd28a5e6038 R14: 00007fd28a5e5fa0 R15: 00007ffc069f2878 [ 301.703828][ T9740] `è[ 302.283218][ T9753] device-mapper: ioctl: Invalid ioctl structure: name , dev b00010007 [ 303.500596][ T9558] sp0: Synchronizing with TNC è[ 303.915457][ T9779] netlink: 8 bytes leftover after parsing attributes in process `syz.0.800'. syzkaller syzkaller login: [ 308.835610][ T9842] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 308.844755][ T9842] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 308.851341][ T9842] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 308.865185][ T9842] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 310.876202][ T7236] Bluetooth: hci2: command 0x0c1a tx timeout [ 310.882261][ T6768] Bluetooth: hci1: command 0x0c1a tx timeout [ 310.883237][ T8329] Bluetooth: hci0: command 0x0c1a tx timeout [ 310.896145][ T6779] Bluetooth: hci3: command 0x0c1a tx timeout [ 312.322634][ T9948] netlink: 8 bytes leftover after parsing attributes in process `syz.2.833'. [ 312.332451][ T9948] FAULT_INJECTION: forcing a failure. [ 312.332451][ T9948] name failslab, interval 1, probability 0, space 0, times 0 [ 312.368774][ T9948] CPU: 1 UID: 0 PID: 9948 Comm: syz.2.833 Not tainted syzkaller #0 PREEMPT(full) [ 312.368809][ T9948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 312.368834][ T9948] Call Trace: [ 312.368844][ T9948] [ 312.368854][ T9948] dump_stack_lvl+0x16c/0x1f0 [ 312.368899][ T9948] should_fail_ex+0x512/0x640 [ 312.368937][ T9948] ? __kmalloc_cache_node_noprof+0x62/0x7a0 [ 312.368984][ T9948] should_failslab+0xc2/0x120 [ 312.369011][ T9948] __kmalloc_cache_node_noprof+0x75/0x7a0 [ 312.369050][ T9948] ? __alloc_workqueue+0x670/0x1810 [ 312.369077][ T9948] ? lockdep_init_map_type+0x5c/0x280 [ 312.369109][ T9948] ? __alloc_workqueue+0x670/0x1810 [ 312.369133][ T9948] __alloc_workqueue+0x670/0x1810 [ 312.369171][ T9948] alloc_workqueue_noprof+0xd2/0x200 [ 312.369198][ T9948] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 312.369227][ T9948] ? rcu_is_watching+0x12/0xc0 [ 312.369272][ T9948] ? trace_kmalloc+0x2b/0xd0 [ 312.369294][ T9948] ? __kmalloc_noprof+0x34f/0x880 [ 312.369326][ T9948] ? ieee80211_register_hw+0x15c9/0x4120 [ 312.369362][ T9948] ieee80211_register_hw+0x1f1a/0x4120 [ 312.369403][ T9948] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 312.369430][ T9948] ? __pfx___debug_object_init+0x10/0x10 [ 312.369469][ T9948] ? find_held_lock+0x2b/0x80 [ 312.369504][ T9948] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 312.369539][ T9948] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 312.369573][ T9948] ? __hrtimer_setup+0x176/0x280 [ 312.369608][ T9948] mac80211_hwsim_new_radio+0x32d8/0x50b0 [ 312.369658][ T9948] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 312.369699][ T9948] hwsim_new_radio_nl+0xba2/0x1330 [ 312.369732][ T9948] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 312.369772][ T9948] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 312.369804][ T9948] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 312.369842][ T9948] genl_family_rcv_msg_doit+0x209/0x2f0 [ 312.369874][ T9948] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 312.369916][ T9948] ? bpf_lsm_capable+0x9/0x10 [ 312.369940][ T9948] ? security_capable+0x7e/0x260 [ 312.369967][ T9948] ? ns_capable+0xd7/0x110 [ 312.370005][ T9948] genl_rcv_msg+0x55c/0x800 [ 312.370037][ T9948] ? __pfx_genl_rcv_msg+0x10/0x10 [ 312.370067][ T9948] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 312.370108][ T9948] netlink_rcv_skb+0x158/0x420 [ 312.370132][ T9948] ? __pfx_genl_rcv_msg+0x10/0x10 [ 312.370162][ T9948] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 312.370202][ T9948] ? netlink_deliver_tap+0x1ae/0xd30 [ 312.370252][ T9948] genl_rcv+0x28/0x40 [ 312.370278][ T9948] netlink_unicast+0x5aa/0x870 [ 312.370323][ T9948] ? __pfx_netlink_unicast+0x10/0x10 [ 312.370378][ T9948] netlink_sendmsg+0x8c8/0xdd0 [ 312.370426][ T9948] ? __pfx_netlink_sendmsg+0x10/0x10 [ 312.370471][ T9948] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 312.370504][ T9948] ____sys_sendmsg+0xa98/0xc70 [ 312.370534][ T9948] ? copy_msghdr_from_user+0x10a/0x160 [ 312.370571][ T9948] ? __pfx_____sys_sendmsg+0x10/0x10 [ 312.370610][ T9948] ? __pfx_futex_wake_mark+0x10/0x10 [ 312.370646][ T9948] ___sys_sendmsg+0x134/0x1d0 [ 312.370681][ T9948] ? futex_private_hash_put+0x176/0x300 [ 312.370720][ T9948] ? __pfx____sys_sendmsg+0x10/0x10 [ 312.370752][ T9948] ? __lock_acquire+0x622/0x1c90 [ 312.370823][ T9948] __sys_sendmsg+0x16d/0x220 [ 312.370862][ T9948] ? __pfx___sys_sendmsg+0x10/0x10 [ 312.370899][ T9948] ? __x64_sys_futex+0x1e0/0x4c0 [ 312.370947][ T9948] do_syscall_64+0xcd/0xfa0 [ 312.370988][ T9948] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 312.371015][ T9948] RIP: 0033:0x7f4de798eec9 [ 312.371035][ T9948] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 312.371060][ T9948] RSP: 002b:00007f4de8768038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 312.371085][ T9948] RAX: ffffffffffffffda RBX: 00007f4de7be5fa0 RCX: 00007f4de798eec9 [ 312.371103][ T9948] RDX: 0000000000018800 RSI: 0000200000001400 RDI: 0000000000000006 [ 312.371120][ T9948] RBP: 00007f4de7a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 312.371136][ T9948] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 312.371152][ T9948] R13: 00007f4de7be6038 R14: 00007f4de7be5fa0 R15: 00007ffe561e7438 [ 312.371190][ T9948] [ 313.282610][ T9968] netlink: 4 bytes leftover after parsing attributes in process `syz.2.839'. [ 313.305492][ T9968] netlink: 13 bytes leftover after parsing attributes in process `syz.2.839'. [ 313.366412][ T9968] netlink: 8 bytes leftover after parsing attributes in process `syz.2.839'. [ 315.228763][T10014] FAULT_INJECTION: forcing a failure. [ 315.228763][T10014] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 315.242231][T10014] CPU: 1 UID: 0 PID: 10014 Comm: syz.1.847 Not tainted syzkaller #0 PREEMPT(full) [ 315.242261][T10014] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 315.242274][T10014] Call Trace: [ 315.242283][T10014] [ 315.242292][T10014] dump_stack_lvl+0x16c/0x1f0 [ 315.242328][T10014] should_fail_ex+0x512/0x640 [ 315.242368][T10014] _copy_from_iter+0x29f/0x1720 [ 315.242409][T10014] ? __pfx__copy_from_iter+0x10/0x10 [ 315.242449][T10014] ? __pfx___might_resched+0x10/0x10 [ 315.242486][T10014] file_tty_write.constprop.0+0x487/0x9b0 [ 315.242523][T10014] redirected_tty_write+0xd4/0x150 [ 315.242550][T10014] vfs_write+0x7d3/0x11d0 [ 315.242583][T10014] ? __pfx_redirected_tty_write+0x10/0x10 [ 315.242612][T10014] ? __pfx_vfs_write+0x10/0x10 [ 315.242636][T10014] ? find_held_lock+0x2b/0x80 [ 315.242683][T10014] ksys_write+0x12a/0x250 [ 315.242710][T10014] ? __pfx_ksys_write+0x10/0x10 [ 315.242747][T10014] do_syscall_64+0xcd/0xfa0 [ 315.242778][T10014] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 315.242799][T10014] RIP: 0033:0x7fd28a38eec9 [ 315.242816][T10014] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 315.242834][T10014] RSP: 002b:00007fd288593038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 315.242854][T10014] RAX: ffffffffffffffda RBX: 00007fd28a5e6270 RCX: 00007fd28a38eec9 [ 315.242868][T10014] RDX: 0000000000000c2d RSI: 0000200000000e00 RDI: 000000000000000a [ 315.242881][T10014] RBP: 00007fd288593090 R08: 0000000000000000 R09: 0000000000000000 [ 315.242893][T10014] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 315.242905][T10014] R13: 00007fd28a5e6308 R14: 00007fd28a5e6270 R15: 00007ffc069f2878 [ 315.242950][T10014] [ 315.683469][T10016] netlink: 8 bytes leftover after parsing attributes in process `syz.0.849'. [ 315.693627][T10016] FAULT_INJECTION: forcing a failure. [ 315.693627][T10016] name failslab, interval 1, probability 0, space 0, times 0 [ 315.752529][T10016] CPU: 1 UID: 0 PID: 10016 Comm: syz.0.849 Not tainted syzkaller #0 PREEMPT(full) [ 315.752566][T10016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 315.752582][T10016] Call Trace: [ 315.752591][T10016] [ 315.752602][T10016] dump_stack_lvl+0x16c/0x1f0 [ 315.752645][T10016] should_fail_ex+0x512/0x640 [ 315.752682][T10016] ? __kmalloc_cache_node_noprof+0x62/0x7a0 [ 315.752726][T10016] should_failslab+0xc2/0x120 [ 315.752754][T10016] __kmalloc_cache_node_noprof+0x75/0x7a0 [ 315.752792][T10016] ? __alloc_workqueue+0x670/0x1810 [ 315.752825][T10016] ? __alloc_workqueue+0x670/0x1810 [ 315.752851][T10016] __alloc_workqueue+0x670/0x1810 [ 315.752889][T10016] alloc_workqueue_noprof+0xd2/0x200 [ 315.752916][T10016] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 315.752944][T10016] ? rcu_is_watching+0x12/0xc0 [ 315.752980][T10016] ? trace_kmalloc+0x2b/0xd0 [ 315.753002][T10016] ? __kmalloc_noprof+0x34f/0x880 [ 315.753033][T10016] ? ieee80211_register_hw+0x15c9/0x4120 [ 315.753066][T10016] ieee80211_register_hw+0x1f1a/0x4120 [ 315.753106][T10016] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 315.753131][T10016] ? __pfx___debug_object_init+0x10/0x10 [ 315.753178][T10016] ? find_held_lock+0x2b/0x80 [ 315.753215][T10016] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 315.753252][T10016] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 315.753287][T10016] ? __hrtimer_setup+0x176/0x280 [ 315.753321][T10016] mac80211_hwsim_new_radio+0x32d8/0x50b0 [ 315.753374][T10016] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 315.753416][T10016] hwsim_new_radio_nl+0xba2/0x1330 [ 315.753449][T10016] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 315.753489][T10016] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 315.753521][T10016] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 315.753559][T10016] genl_family_rcv_msg_doit+0x209/0x2f0 [ 315.753591][T10016] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 315.753631][T10016] ? bpf_lsm_capable+0x9/0x10 [ 315.753655][T10016] ? security_capable+0x7e/0x260 [ 315.753682][T10016] ? ns_capable+0xd7/0x110 [ 315.753719][T10016] genl_rcv_msg+0x55c/0x800 [ 315.753752][T10016] ? __pfx_genl_rcv_msg+0x10/0x10 [ 315.753782][T10016] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 315.753823][T10016] netlink_rcv_skb+0x158/0x420 [ 315.753848][T10016] ? __pfx_genl_rcv_msg+0x10/0x10 [ 315.753878][T10016] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 315.753917][T10016] ? netlink_deliver_tap+0x1ae/0xd30 [ 315.753961][T10016] genl_rcv+0x28/0x40 [ 315.753985][T10016] netlink_unicast+0x5aa/0x870 [ 315.754029][T10016] ? __pfx_netlink_unicast+0x10/0x10 [ 315.754082][T10016] netlink_sendmsg+0x8c8/0xdd0 [ 315.754129][T10016] ? __pfx_netlink_sendmsg+0x10/0x10 [ 315.754180][T10016] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 315.754214][T10016] ____sys_sendmsg+0xa98/0xc70 [ 315.754246][T10016] ? copy_msghdr_from_user+0x10a/0x160 [ 315.754282][T10016] ? __pfx_____sys_sendmsg+0x10/0x10 [ 315.754319][T10016] ? __pfx_futex_wake_mark+0x10/0x10 [ 315.754356][T10016] ___sys_sendmsg+0x134/0x1d0 [ 315.754389][T10016] ? futex_private_hash_put+0x176/0x300 [ 315.754430][T10016] ? __pfx____sys_sendmsg+0x10/0x10 [ 315.754461][T10016] ? __lock_acquire+0x622/0x1c90 [ 315.754534][T10016] __sys_sendmsg+0x16d/0x220 [ 315.754572][T10016] ? __pfx___sys_sendmsg+0x10/0x10 [ 315.754609][T10016] ? __x64_sys_futex+0x1e0/0x4c0 [ 315.754658][T10016] do_syscall_64+0xcd/0xfa0 [ 315.754697][T10016] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 315.754724][T10016] RIP: 0033:0x7fa9ec58eec9 [ 315.754745][T10016] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 315.754770][T10016] RSP: 002b:00007fa9ed4ec038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 315.754794][T10016] RAX: ffffffffffffffda RBX: 00007fa9ec7e5fa0 RCX: 00007fa9ec58eec9 [ 315.754812][T10016] RDX: 0000000000018800 RSI: 0000200000001400 RDI: 0000000000000006 [ 315.754828][T10016] RBP: 00007fa9ec611f91 R08: 0000000000000000 R09: 0000000000000000 [ 315.754845][T10016] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 315.754860][T10016] R13: 00007fa9ec7e6038 R14: 00007fa9ec7e5fa0 R15: 00007ffeecaefec8 [ 315.754897][T10016] [ 316.236231][T10022] netlink: 8 bytes leftover after parsing attributes in process `syz.2.850'. [ 316.247773][T10022] FAULT_INJECTION: forcing a failure. [ 316.247773][T10022] name failslab, interval 1, probability 0, space 0, times 0 [ 316.261658][T10022] CPU: 1 UID: 0 PID: 10022 Comm: syz.2.850 Not tainted syzkaller #0 PREEMPT(full) [ 316.261679][T10022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 316.261688][T10022] Call Trace: [ 316.261693][T10022] [ 316.261699][T10022] dump_stack_lvl+0x16c/0x1f0 [ 316.261730][T10022] should_fail_ex+0x512/0x640 [ 316.261752][T10022] ? kmem_cache_alloc_lru_noprof+0x66/0x6e0 [ 316.261774][T10022] should_failslab+0xc2/0x120 [ 316.261789][T10022] kmem_cache_alloc_lru_noprof+0x79/0x6e0 [ 316.261808][T10022] ? stack_depot_save_flags+0x29/0x9c0 [ 316.261830][T10022] ? __d_alloc+0x32/0xae0 [ 316.261854][T10022] ? __d_alloc+0x32/0xae0 [ 316.261871][T10022] __d_alloc+0x32/0xae0 [ 316.261889][T10022] ? security_inode_alloc+0x3b/0x2b0 [ 316.261910][T10022] ? inode_init_always_gfp+0xce4/0x1030 [ 316.261932][T10022] d_alloc_parallel+0x111/0x1480 [ 316.261948][T10022] ? genl_rcv_msg+0x55c/0x800 [ 316.261963][T10022] ? netlink_rcv_skb+0x158/0x420 [ 316.261974][T10022] ? netlink_unicast+0x5aa/0x870 [ 316.261994][T10022] ? netlink_sendmsg+0x8c8/0xdd0 [ 316.262013][T10022] ? ____sys_sendmsg+0xa98/0xc70 [ 316.262027][T10022] ? __sys_sendmsg+0x16d/0x220 [ 316.262051][T10022] ? __pfx_d_alloc_parallel+0x10/0x10 [ 316.262069][T10022] ? lockdep_init_map_type+0x5c/0x280 [ 316.262086][T10022] ? lockdep_init_map_type+0x5c/0x280 [ 316.262104][T10022] __lookup_slow+0x193/0x460 [ 316.262120][T10022] ? __pfx___lookup_slow+0x10/0x10 [ 316.262138][T10022] ? folio_mapping+0x90/0x190 [ 316.262163][T10022] ? folio_mapping+0x90/0x190 [ 316.262184][T10022] ? d_lookup+0xe7/0x190 [ 316.262202][T10022] lookup_noperm+0xe1/0x110 [ 316.262218][T10022] simple_start_creating+0xd1/0x1b0 [ 316.262238][T10022] debugfs_start_creating.part.0+0x82/0x190 [ 316.262256][T10022] __debugfs_create_file+0xa7/0x6b0 [ 316.262276][T10022] debugfs_create_file_full+0x41/0x60 [ 316.262295][T10022] wiphy_register+0x202b/0x2b20 [ 316.262310][T10022] ? netdev_run_todo+0x864/0x1320 [ 316.262329][T10022] ? __pfx_wiphy_register+0x10/0x10 [ 316.262354][T10022] ieee80211_register_hw+0x253d/0x4120 [ 316.262376][T10022] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 316.262390][T10022] ? __pfx___debug_object_init+0x10/0x10 [ 316.262411][T10022] ? find_held_lock+0x2b/0x80 [ 316.262430][T10022] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 316.262449][T10022] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 316.262468][T10022] ? __hrtimer_setup+0x176/0x280 [ 316.262486][T10022] mac80211_hwsim_new_radio+0x32d8/0x50b0 [ 316.262514][T10022] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 316.262536][T10022] hwsim_new_radio_nl+0xba2/0x1330 [ 316.262554][T10022] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 316.262575][T10022] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 316.262591][T10022] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 316.262611][T10022] genl_family_rcv_msg_doit+0x209/0x2f0 [ 316.262628][T10022] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 316.262651][T10022] ? bpf_lsm_capable+0x9/0x10 [ 316.262664][T10022] ? security_capable+0x7e/0x260 [ 316.262678][T10022] ? ns_capable+0xd7/0x110 [ 316.262699][T10022] genl_rcv_msg+0x55c/0x800 [ 316.262716][T10022] ? __pfx_genl_rcv_msg+0x10/0x10 [ 316.262732][T10022] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 316.262754][T10022] netlink_rcv_skb+0x158/0x420 [ 316.262767][T10022] ? __pfx_genl_rcv_msg+0x10/0x10 [ 316.262782][T10022] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 316.262804][T10022] ? netlink_deliver_tap+0x1ae/0xd30 [ 316.262828][T10022] genl_rcv+0x28/0x40 [ 316.262840][T10022] netlink_unicast+0x5aa/0x870 [ 316.262865][T10022] ? __pfx_netlink_unicast+0x10/0x10 [ 316.262894][T10022] netlink_sendmsg+0x8c8/0xdd0 [ 316.262927][T10022] ? __pfx_netlink_sendmsg+0x10/0x10 [ 316.262952][T10022] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 316.262971][T10022] ____sys_sendmsg+0xa98/0xc70 [ 316.262987][T10022] ? copy_msghdr_from_user+0x10a/0x160 [ 316.263007][T10022] ? __pfx_____sys_sendmsg+0x10/0x10 [ 316.263028][T10022] ? __pfx_futex_wake_mark+0x10/0x10 [ 316.263048][T10022] ___sys_sendmsg+0x134/0x1d0 [ 316.263066][T10022] ? futex_private_hash_put+0x176/0x300 [ 316.263089][T10022] ? __pfx____sys_sendmsg+0x10/0x10 [ 316.263107][T10022] ? __lock_acquire+0x622/0x1c90 [ 316.263147][T10022] __sys_sendmsg+0x16d/0x220 [ 316.263167][T10022] ? __pfx___sys_sendmsg+0x10/0x10 [ 316.263187][T10022] ? __x64_sys_futex+0x1e0/0x4c0 [ 316.263213][T10022] do_syscall_64+0xcd/0xfa0 [ 316.263236][T10022] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 316.263250][T10022] RIP: 0033:0x7f4de798eec9 [ 316.263264][T10022] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 316.263277][T10022] RSP: 002b:00007f4de8768038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 316.263292][T10022] RAX: ffffffffffffffda RBX: 00007f4de7be5fa0 RCX: 00007f4de798eec9 [ 316.263302][T10022] RDX: 0000000000018800 RSI: 0000200000001400 RDI: 0000000000000007 [ 316.263311][T10022] RBP: 00007f4de7a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 316.263320][T10022] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 316.263328][T10022] R13: 00007f4de7be6038 R14: 00007f4de7be5fa0 R15: 00007ffe561e7438 [ 316.263350][T10022] [ 317.202937][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.210652][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.858090][T10089] netlink: 4 bytes leftover after parsing attributes in process `syz.3.860'. [ 318.867627][T10089] netlink: 13 bytes leftover after parsing attributes in process `syz.3.860'. [ 318.903534][T10089] netlink: 8 bytes leftover after parsing attributes in process `syz.3.860'. [ 320.072281][T10122] netlink: 8 bytes leftover after parsing attributes in process `syz.0.864'. [ 320.153149][T10122] FAULT_INJECTION: forcing a failure. [ 320.153149][T10122] name failslab, interval 1, probability 0, space 0, times 0 [ 320.177022][T10122] CPU: 1 UID: 0 PID: 10122 Comm: syz.0.864 Not tainted syzkaller #0 PREEMPT(full) [ 320.177057][T10122] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 320.177072][T10122] Call Trace: [ 320.177080][T10122] [ 320.177091][T10122] dump_stack_lvl+0x16c/0x1f0 [ 320.177132][T10122] should_fail_ex+0x512/0x640 [ 320.177168][T10122] ? __kmalloc_noprof+0xca/0x880 [ 320.177200][T10122] should_failslab+0xc2/0x120 [ 320.177222][T10122] __kmalloc_noprof+0xdd/0x880 [ 320.177253][T10122] ? apply_wqattrs_prepare+0xf8/0xbd0 [ 320.177295][T10122] ? apply_wqattrs_prepare+0xf8/0xbd0 [ 320.177328][T10122] apply_wqattrs_prepare+0xf8/0xbd0 [ 320.177378][T10122] apply_workqueue_attrs_locked+0x64/0xe0 [ 320.177416][T10122] __alloc_workqueue+0xf3f/0x1810 [ 320.177454][T10122] alloc_workqueue_noprof+0xd2/0x200 [ 320.177480][T10122] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 320.177510][T10122] ? rcu_is_watching+0x12/0xc0 [ 320.177544][T10122] ? trace_kmalloc+0x2b/0xd0 [ 320.177564][T10122] ? __kmalloc_noprof+0x34f/0x880 [ 320.177595][T10122] ? ieee80211_register_hw+0x15c9/0x4120 [ 320.177630][T10122] ieee80211_register_hw+0x1f1a/0x4120 [ 320.177671][T10122] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 320.177698][T10122] ? __pfx___debug_object_init+0x10/0x10 [ 320.177736][T10122] ? find_held_lock+0x2b/0x80 [ 320.177771][T10122] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 320.177817][T10122] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 320.177854][T10122] ? __hrtimer_setup+0x176/0x280 [ 320.177889][T10122] mac80211_hwsim_new_radio+0x32d8/0x50b0 [ 320.177941][T10122] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 320.177982][T10122] hwsim_new_radio_nl+0xba2/0x1330 [ 320.178015][T10122] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 320.178055][T10122] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 320.178087][T10122] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 320.178126][T10122] genl_family_rcv_msg_doit+0x209/0x2f0 [ 320.178158][T10122] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 320.178199][T10122] ? bpf_lsm_capable+0x9/0x10 [ 320.178224][T10122] ? security_capable+0x7e/0x260 [ 320.178250][T10122] ? ns_capable+0xd7/0x110 [ 320.178287][T10122] genl_rcv_msg+0x55c/0x800 [ 320.178319][T10122] ? __pfx_genl_rcv_msg+0x10/0x10 [ 320.178347][T10122] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 320.178388][T10122] netlink_rcv_skb+0x158/0x420 [ 320.178412][T10122] ? __pfx_genl_rcv_msg+0x10/0x10 [ 320.178443][T10122] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 320.178483][T10122] ? netlink_deliver_tap+0x1ae/0xd30 [ 320.178526][T10122] genl_rcv+0x28/0x40 [ 320.178549][T10122] netlink_unicast+0x5aa/0x870 [ 320.178593][T10122] ? __pfx_netlink_unicast+0x10/0x10 [ 320.178646][T10122] netlink_sendmsg+0x8c8/0xdd0 [ 320.178684][T10122] ? __pfx_netlink_sendmsg+0x10/0x10 [ 320.178727][T10122] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 320.178760][T10122] ____sys_sendmsg+0xa98/0xc70 [ 320.178791][T10122] ? copy_msghdr_from_user+0x10a/0x160 [ 320.178830][T10122] ? __pfx_____sys_sendmsg+0x10/0x10 [ 320.178869][T10122] ? __pfx_futex_wake_mark+0x10/0x10 [ 320.178904][T10122] ___sys_sendmsg+0x134/0x1d0 [ 320.178936][T10122] ? futex_private_hash_put+0x176/0x300 [ 320.178977][T10122] ? __pfx____sys_sendmsg+0x10/0x10 [ 320.179010][T10122] ? __lock_acquire+0x622/0x1c90 [ 320.179081][T10122] __sys_sendmsg+0x16d/0x220 [ 320.179117][T10122] ? __pfx___sys_sendmsg+0x10/0x10 [ 320.179153][T10122] ? __x64_sys_futex+0x1e0/0x4c0 [ 320.179198][T10122] do_syscall_64+0xcd/0xfa0 [ 320.179237][T10122] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 320.179264][T10122] RIP: 0033:0x7fa9ec58eec9 [ 320.179285][T10122] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 320.179309][T10122] RSP: 002b:00007fa9ed4ec038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 320.179332][T10122] RAX: ffffffffffffffda RBX: 00007fa9ec7e5fa0 RCX: 00007fa9ec58eec9 [ 320.179349][T10122] RDX: 0000000000018800 RSI: 0000200000001400 RDI: 0000000000000006 [ 320.179365][T10122] RBP: 00007fa9ec611f91 R08: 0000000000000000 R09: 0000000000000000 [ 320.179381][T10122] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 320.179396][T10122] R13: 00007fa9ec7e6038 R14: 00007fa9ec7e5fa0 R15: 00007ffeecaefec8 [ 320.179447][T10122] [ 320.599282][ C1] vkms_vblank_simulate: vblank timer overrun [ 320.690759][T10132] netlink: 12 bytes leftover after parsing attributes in process `syz.1.867'. [ 320.699782][T10132] tc_dump_action: action bad kind [ 320.892410][T10137] ICMPv6: process `syz.2.869' is using deprecated sysctl (syscall) net.ipv6.neigh.wg1.retrans_time - use net.ipv6.neigh.wg1.retrans_time_ms instead [ 321.204403][T10148] netlink: 8 bytes leftover after parsing attributes in process `syz.0.871'. [ 321.354467][T10153] FAULT_INJECTION: forcing a failure. [ 321.354467][T10153] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 321.370563][T10153] CPU: 1 UID: 0 PID: 10153 Comm: syz.2.872 Not tainted syzkaller #0 PREEMPT(full) [ 321.370595][T10153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 321.370609][T10153] Call Trace: [ 321.370617][T10153] [ 321.370626][T10153] dump_stack_lvl+0x16c/0x1f0 [ 321.370665][T10153] should_fail_ex+0x512/0x640 [ 321.370706][T10153] _copy_from_iter+0x29f/0x1720 [ 321.370759][T10153] ? __pfx__copy_from_iter+0x10/0x10 [ 321.370803][T10153] ? __pfx___might_resched+0x10/0x10 [ 321.370844][T10153] file_tty_write.constprop.0+0x487/0x9b0 [ 321.370885][T10153] redirected_tty_write+0xd4/0x150 [ 321.370914][T10153] vfs_write+0x7d3/0x11d0 [ 321.370949][T10153] ? __pfx_redirected_tty_write+0x10/0x10 [ 321.370981][T10153] ? __pfx_vfs_write+0x10/0x10 [ 321.371011][T10153] ? find_held_lock+0x2b/0x80 [ 321.371066][T10153] ksys_write+0x12a/0x250 [ 321.371098][T10153] ? __pfx_ksys_write+0x10/0x10 [ 321.371142][T10153] do_syscall_64+0xcd/0xfa0 [ 321.371178][T10153] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 321.371202][T10153] RIP: 0033:0x7f4de798eec9 [ 321.371223][T10153] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 321.371246][T10153] RSP: 002b:00007f4de5bd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 321.371270][T10153] RAX: ffffffffffffffda RBX: 00007f4de7be6270 RCX: 00007f4de798eec9 [ 321.371286][T10153] RDX: 0000000000000c2d RSI: 0000200000000e00 RDI: 000000000000000a [ 321.371301][T10153] RBP: 00007f4de5bd5090 R08: 0000000000000000 R09: 0000000000000000 [ 321.371315][T10153] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 321.371329][T10153] R13: 00007f4de7be6308 R14: 00007f4de7be6270 R15: 00007ffe561e7438 [ 321.371365][T10153] [ 321.550661][ C1] vkms_vblank_simulate: vblank timer overrun [ 322.608937][T10176] netlink: 28 bytes leftover after parsing attributes in process `syz.2.879'. [ 322.742053][T10181] hub 8-0:1.0: USB hub found [ 322.758750][T10181] hub 8-0:1.0: 1 port detected [ 322.814344][T10187] netlink: 8 bytes leftover after parsing attributes in process `syz.0.880'. [ 323.030606][T10191] netlink: 8 bytes leftover after parsing attributes in process `syz.1.882'. [ 323.809319][T10227] netlink: 8 bytes leftover after parsing attributes in process `syz.2.890'. [ 325.257665][T10257] netlink: 8 bytes leftover after parsing attributes in process `syz.2.896'. [ 327.012566][T10292] sp0: Synchronizing with TNC è[ 327.576937][T10314] FAULT_INJECTION: forcing a failure. [ 327.576937][T10314] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 327.615076][T10314] CPU: 1 UID: 0 PID: 10314 Comm: syz.2.910 Not tainted syzkaller #0 PREEMPT(full) [ 327.615108][T10314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 327.615122][T10314] Call Trace: [ 327.615131][T10314] [ 327.615139][T10314] dump_stack_lvl+0x16c/0x1f0 [ 327.615175][T10314] should_fail_ex+0x512/0x640 [ 327.615212][T10314] _copy_from_iter+0x29f/0x1720 [ 327.615257][T10314] ? __alloc_skb+0x200/0x380 [ 327.615280][T10314] ? __pfx__copy_from_iter+0x10/0x10 [ 327.615301][T10314] ? netlink_autobind.isra.0+0x158/0x370 [ 327.615329][T10314] netlink_sendmsg+0x820/0xdd0 [ 327.615354][T10314] ? __pfx_netlink_sendmsg+0x10/0x10 [ 327.615377][T10314] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 327.615396][T10314] sock_write_iter+0x566/0x610 [ 327.615411][T10314] ? __pfx_sock_write_iter+0x10/0x10 [ 327.615433][T10314] ? bpf_lsm_file_permission+0x9/0x10 [ 327.615454][T10314] ? security_file_permission+0x71/0x210 [ 327.615471][T10314] ? rw_verify_area+0xcf/0x6c0 [ 327.615490][T10314] vfs_write+0x7d3/0x11d0 [ 327.615509][T10314] ? __pfx_sock_write_iter+0x10/0x10 [ 327.615526][T10314] ? __pfx_vfs_write+0x10/0x10 [ 327.615542][T10314] ? find_held_lock+0x2b/0x80 [ 327.615572][T10314] ksys_write+0x1f8/0x250 [ 327.615591][T10314] ? __pfx_ksys_write+0x10/0x10 [ 327.615615][T10314] do_syscall_64+0xcd/0xfa0 [ 327.615639][T10314] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 327.615653][T10314] RIP: 0033:0x7f4de798eec9 [ 327.615666][T10314] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 327.615679][T10314] RSP: 002b:00007f4de8768038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 327.615693][T10314] RAX: ffffffffffffffda RBX: 00007f4de7be5fa0 RCX: 00007f4de798eec9 [ 327.615702][T10314] RDX: 00000000000002fb RSI: 0000200000000000 RDI: 0000000000000004 [ 327.615711][T10314] RBP: 00007f4de8768090 R08: 0000000000000000 R09: 0000000000000000 [ 327.615719][T10314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 327.615727][T10314] R13: 00007f4de7be6038 R14: 00007f4de7be5fa0 R15: 00007ffe561e7438 [ 327.615746][T10314] [ 327.947351][T10304] Process accounting paused [ 328.488398][T10330] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !Pyù*›"¤l-ý¤ôy–ú„L̓÷5‡;å syzkaller syzkaller login: [ 328.944823][T10334] ================================================================== [ 328.944843][T10334] BUG: KASAN: slab-use-after-free in fbcon_prepare_logo+0xa03/0xc70 [ 328.944896][T10334] Read of size 256 at addr ffff888078c027c0 by task syz.0.912/10334 [ 328.944920][T10334] [ 328.944932][T10334] CPU: 0 UID: 0 PID: 10334 Comm: syz.0.912 Not tainted syzkaller #0 PREEMPT(full) [ 328.944967][T10334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 328.944983][T10334] Call Trace: [ 328.944991][T10334] [ 328.945001][T10334] dump_stack_lvl+0x116/0x1f0 [ 328.945038][T10334] print_report+0xcd/0x630 [ 328.945062][T10334] ? __virt_addr_valid+0x81/0x610 [ 328.945087][T10334] ? __phys_addr+0xe8/0x180 [ 328.945111][T10334] ? fbcon_prepare_logo+0xa03/0xc70 [ 328.945145][T10334] kasan_report+0xe0/0x110 [ 328.945169][T10334] ? fbcon_prepare_logo+0xa03/0xc70 [ 328.945209][T10334] kasan_check_range+0x100/0x1b0 [ 328.945238][T10334] __asan_memcpy+0x23/0x60 [ 328.945271][T10334] fbcon_prepare_logo+0xa03/0xc70 [ 328.945314][T10334] fbcon_init+0xd77/0x1900 [ 328.945350][T10334] ? __pfx_drm_fb_helper_set_par+0x10/0x10 [ 328.945389][T10334] visual_init+0x320/0x620 [ 328.945426][T10334] do_bind_con_driver.isra.0+0x57a/0xbf0 [ 328.945458][T10334] store_bind+0x61d/0x760 [ 328.945485][T10334] ? sysfs_file_kobj+0xe4/0x290 [ 328.945520][T10334] ? __pfx_store_bind+0x10/0x10 [ 328.945550][T10334] dev_attr_store+0x58/0x80 [ 328.945587][T10334] ? __pfx_dev_attr_store+0x10/0x10 [ 328.945623][T10334] sysfs_kf_write+0xf2/0x150 [ 328.945657][T10334] kernfs_fop_write_iter+0x3af/0x570 [ 328.945687][T10334] ? __pfx_sysfs_kf_write+0x10/0x10 [ 328.945723][T10334] iter_file_splice_write+0xa24/0x12e0 [ 328.945766][T10334] ? __pfx_iter_file_splice_write+0x10/0x10 [ 328.945805][T10334] ? __pfx_copy_splice_read+0x10/0x10 [ 328.945844][T10334] ? __pfx_iter_file_splice_write+0x10/0x10 [ 328.945879][T10334] direct_splice_actor+0x192/0x6c0 [ 328.945919][T10334] splice_direct_to_actor+0x345/0xa30 [ 328.945958][T10334] ? __pfx_direct_splice_actor+0x10/0x10 [ 328.945993][T10334] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 328.946030][T10334] do_splice_direct+0x174/0x240 [ 328.946061][T10334] ? __pfx_do_splice_direct+0x10/0x10 [ 328.946093][T10334] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 328.946126][T10334] ? rw_verify_area+0xcf/0x6c0 [ 328.946158][T10334] do_sendfile+0xb06/0xe50 [ 328.946193][T10334] ? __pfx_do_sendfile+0x10/0x10 [ 328.946228][T10334] ? __x64_sys_futex+0x1e0/0x4c0 [ 328.946252][T10334] ? __x64_sys_futex+0x1e9/0x4c0 [ 328.946280][T10334] __x64_sys_sendfile64+0x1d8/0x220 [ 328.946304][T10334] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 328.946333][T10334] do_syscall_64+0xcd/0xfa0 [ 328.946371][T10334] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 328.946397][T10334] RIP: 0033:0x7fa9ec58eec9 [ 328.946419][T10334] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 328.946444][T10334] RSP: 002b:00007fa9ed4aa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 328.946469][T10334] RAX: ffffffffffffffda RBX: 00007fa9ec7e6180 RCX: 00007fa9ec58eec9 [ 328.946488][T10334] RDX: 0000000000000000 RSI: 000000000000000a RDI: 0000000000000009 [ 328.946503][T10334] RBP: 00007fa9ec611f91 R08: 0000000000000000 R09: 0000000000000000 [ 328.946520][T10334] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 328.946535][T10334] R13: 00007fa9ec7e6218 R14: 00007fa9ec7e6180 R15: 00007ffeecaefec8 [ 328.946562][T10334] [ 328.946571][T10334] [ 328.946577][T10334] Allocated by task 6770: [ 328.946589][T10334] kasan_save_stack+0x33/0x60 [ 328.946624][T10334] kasan_save_track+0x14/0x30 [ 328.946658][T10334] __kasan_kmalloc+0xaa/0xb0 [ 328.946691][T10334] __kmalloc_node_track_caller_noprof+0x345/0x8a0 [ 328.946727][T10334] kmalloc_reserve+0xef/0x2c0 [ 328.946751][T10334] __alloc_skb+0x166/0x380 [ 328.946781][T10334] nsim_dev_trap_report_work+0x2b1/0xcf0 [ 328.946820][T10334] process_one_work+0x9cf/0x1b70 [ 328.946849][T10334] worker_thread+0x6c8/0xf10 [ 328.946875][T10334] kthread+0x3c5/0x780 [ 328.946909][T10334] ret_from_fork+0x675/0x7d0 [ 328.946936][T10334] ret_from_fork_asm+0x1a/0x30 [ 328.946961][T10334] [ 328.946969][T10334] Freed by task 6770: [ 328.946980][T10334] kasan_save_stack+0x33/0x60 [ 328.947014][T10334] kasan_save_track+0x14/0x30 [ 328.947047][T10334] __kasan_save_free_info+0x3b/0x60 [ 328.947075][T10334] __kasan_slab_free+0x5f/0x80 [ 328.947109][T10334] kfree+0x2b8/0x6d0 [ 328.947135][T10334] skb_free_head+0x114/0x210 [ 328.947163][T10334] skb_release_data+0x795/0x9e0 [ 328.947196][T10334] consume_skb+0xbf/0x100 [ 328.947218][T10334] nsim_dev_trap_report_work+0x8bd/0xcf0 [ 328.947254][T10334] process_one_work+0x9cf/0x1b70 [ 328.947281][T10334] worker_thread+0x6c8/0xf10 [ 328.947308][T10334] kthread+0x3c5/0x780 [ 328.947331][T10334] ret_from_fork+0x675/0x7d0 [ 328.947357][T10334] ret_from_fork_asm+0x1a/0x30 [ 328.947380][T10334] [ 328.947387][T10334] The buggy address belongs to the object at ffff888078c02000 [ 328.947387][T10334] which belongs to the cache kmalloc-4k of size 4096 [ 328.947408][T10334] The buggy address is located 1984 bytes inside of [ 328.947408][T10334] freed 4096-byte region [ffff888078c02000, ffff888078c03000) [ 328.947434][T10334] [ 328.947440][T10334] The buggy address belongs to the physical page: [ 328.947452][T10334] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78c00 [ 328.947474][T10334] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 328.947494][T10334] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 328.947517][T10334] page_type: f5(slab) [ 328.947540][T10334] raw: 00fff00000000040 ffff88813ffa7140 ffffea0000bfaa00 dead000000000002 [ 328.947563][T10334] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 328.947587][T10334] head: 00fff00000000040 ffff88813ffa7140 ffffea0000bfaa00 dead000000000002 [ 328.947611][T10334] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 328.947634][T10334] head: 00fff00000000003 ffffea0001e30001 00000000ffffffff 00000000ffffffff [ 328.947657][T10334] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 328.947671][T10334] page dumped because: kasan: bad access detected [ 328.947694][T10334] page_owner tracks the page as allocated [ 328.947704][T10334] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5493, tgid 5493 (dhcpcd), ts 51980249651, free_ts 51924434420 [ 328.947750][T10334] post_alloc_hook+0x1c0/0x230 [ 328.947779][T10334] get_page_from_freelist+0x10a3/0x3a30 [ 328.947809][T10334] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 328.947842][T10334] alloc_pages_mpol+0x1fb/0x550 [ 328.947864][T10334] new_slab+0x24a/0x360 [ 328.947896][T10334] ___slab_alloc+0xdc4/0x1ae0 [ 328.947924][T10334] __slab_alloc.constprop.0+0x63/0x110 [ 328.947954][T10334] __kmalloc_cache_noprof+0x477/0x780 [ 328.947984][T10334] kernfs_iop_get_link+0x65/0x1670 [ 328.948015][T10334] step_into+0x196c/0x21a0 [ 328.948042][T10334] walk_component+0xfc/0x5b0 [ 328.948070][T10334] link_path_walk+0x627/0xe20 [ 328.948097][T10334] path_openat+0x1b0/0x2cb0 [ 328.948128][T10334] do_filp_open+0x20b/0x470 [ 328.948156][T10334] do_sys_openat2+0x11b/0x1d0 [ 328.948181][T10334] __x64_sys_openat+0x174/0x210 [ 328.948206][T10334] page last free pid 5492 tgid 5492 stack trace: [ 328.948220][T10334] __free_frozen_pages+0x7df/0x1160 [ 328.948245][T10334] __put_partials+0x130/0x170 [ 328.948273][T10334] qlist_free_all+0x4d/0x120 [ 328.948304][T10334] kasan_quarantine_reduce+0x195/0x1e0 [ 328.948337][T10334] __kasan_slab_alloc+0x69/0x90 [ 328.948372][T10334] kmem_cache_alloc_node_noprof+0x28a/0x770 [ 328.948401][T10334] __alloc_skb+0x2b2/0x380 [ 328.948431][T10334] alloc_skb_with_frags+0xe0/0x860 [ 328.948449][T10334] sock_alloc_send_pskb+0x7f9/0x980 [ 328.948476][T10334] unix_dgram_sendmsg+0x3e9/0x17f0 [ 328.948506][T10334] unix_seqpacket_sendmsg+0x12a/0x1c0 [ 328.948537][T10334] sock_write_iter+0x566/0x610 [ 328.948562][T10334] vfs_write+0x7d3/0x11d0 [ 328.948592][T10334] ksys_write+0x1f8/0x250 [ 328.948622][T10334] do_syscall_64+0xcd/0xfa0 [ 328.948654][T10334] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 328.948678][T10334] [ 328.948685][T10334] Memory state around the buggy address: [ 328.948697][T10334] ffff888078c02680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 328.948716][T10334] ffff888078c02700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 328.948734][T10334] >ffff888078c02780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 328.948749][T10334] ^ [ 328.948763][T10334] ffff888078c02800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 328.948781][T10334] ffff888078c02880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 328.948796][T10334] ================================================================== [ 328.948937][T10334] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 328.948955][T10334] CPU: 0 UID: 0 PID: 10334 Comm: syz.0.912 Not tainted syzkaller #0 PREEMPT(full) [ 328.948987][T10334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 328.949002][T10334] Call Trace: [ 328.949011][T10334] [ 328.949021][T10334] dump_stack_lvl+0x3d/0x1f0 [ 328.949058][T10334] vpanic+0x640/0x6f0 [ 328.949087][T10334] panic+0xca/0xd0 [ 328.949113][T10334] ? __pfx_panic+0x10/0x10 [ 328.949140][T10334] ? fbcon_prepare_logo+0xa03/0xc70 [ 328.949176][T10334] ? preempt_schedule_common+0x44/0xc0 [ 328.949211][T10334] ? preempt_schedule_thunk+0x16/0x30 [ 328.949245][T10334] check_panic_on_warn+0xab/0xb0 [ 328.949273][T10334] end_report+0x107/0x170 [ 328.949297][T10334] kasan_report+0xee/0x110 [ 328.949321][T10334] ? fbcon_prepare_logo+0xa03/0xc70 [ 328.949362][T10334] kasan_check_range+0x100/0x1b0 [ 328.949391][T10334] __asan_memcpy+0x23/0x60 [ 328.949424][T10334] fbcon_prepare_logo+0xa03/0xc70 [ 328.949467][T10334] fbcon_init+0xd77/0x1900 [ 328.949503][T10334] ? __pfx_drm_fb_helper_set_par+0x10/0x10 [ 328.949542][T10334] visual_init+0x320/0x620 [ 328.949581][T10334] do_bind_con_driver.isra.0+0x57a/0xbf0 [ 328.949613][T10334] store_bind+0x61d/0x760 [ 328.949641][T10334] ? sysfs_file_kobj+0xe4/0x290 [ 328.949676][T10334] ? __pfx_store_bind+0x10/0x10 [ 328.949700][T10334] dev_attr_store+0x58/0x80 [ 328.949736][T10334] ? __pfx_dev_attr_store+0x10/0x10 [ 328.949770][T10334] sysfs_kf_write+0xf2/0x150 [ 328.949807][T10334] kernfs_fop_write_iter+0x3af/0x570 [ 328.949837][T10334] ? __pfx_sysfs_kf_write+0x10/0x10 [ 328.949874][T10334] iter_file_splice_write+0xa24/0x12e0 [ 328.949929][T10334] ? __pfx_iter_file_splice_write+0x10/0x10 [ 328.949967][T10334] ? __pfx_copy_splice_read+0x10/0x10 [ 328.950009][T10334] ? __pfx_iter_file_splice_write+0x10/0x10 [ 328.950045][T10334] direct_splice_actor+0x192/0x6c0 [ 328.950080][T10334] splice_direct_to_actor+0x345/0xa30 [ 328.950113][T10334] ? __pfx_direct_splice_actor+0x10/0x10 [ 328.950148][T10334] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 328.950186][T10334] do_splice_direct+0x174/0x240 [ 328.950218][T10334] ? __pfx_do_splice_direct+0x10/0x10 [ 328.950250][T10334] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 328.950284][T10334] ? rw_verify_area+0xcf/0x6c0 [ 328.950316][T10334] do_sendfile+0xb06/0xe50 [ 328.950351][T10334] ? __pfx_do_sendfile+0x10/0x10 [ 328.950386][T10334] ? __x64_sys_futex+0x1e0/0x4c0 [ 328.950412][T10334] ? __x64_sys_futex+0x1e9/0x4c0 [ 328.950440][T10334] __x64_sys_sendfile64+0x1d8/0x220 [ 328.950466][T10334] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 328.950498][T10334] do_syscall_64+0xcd/0xfa0 [ 328.950535][T10334] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 328.950562][T10334] RIP: 0033:0x7fa9ec58eec9 [ 328.950583][T10334] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 328.950608][T10334] RSP: 002b:00007fa9ed4aa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 328.950634][T10334] RAX: ffffffffffffffda RBX: 00007fa9ec7e6180 RCX: 00007fa9ec58eec9 [ 328.950653][T10334] RDX: 0000000000000000 RSI: 000000000000000a RDI: 0000000000000009 [ 328.950669][T10334] RBP: 00007fa9ec611f91 R08: 0000000000000000 R09: 0000000000000000 [ 328.950687][T10334] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 328.950703][T10334] R13: 00007fa9ec7e6218 R14: 00007fa9ec7e6180 R15: 00007ffeecaefec8 [ 328.950730][T10334] [ 328.950993][T10334] Kernel Offset: disabled